Oracle EBS 2025 Campaign Impacts Madison Square Garden, Sensitive Data Leaked
In recent months, Madison Square Garden (MSG) has confirmed a data breach linked to the 2025 Oracle E-Business Suite (EBS) hacking campaign. The incident highlights the devastating consequences of unpatched vulnerabilities in software applications and the importance of timely security updates.
The Impact on Madison Square Garden
Madison Square Garden, a world-renowned multi-purpose indoor arena located in New York City, USA, has been affected by a data breach tied to the 2025 Oracle EBS campaign. The incident is just one example of the numerous organizations compromised in the large-scale hacking operation exploiting Oracle EBS environments. According to reports, MSG refused to pay the ransom demanded by the Cl0p ransomware group and instead decided to leak over 210GB of its archived files, exposing sensitive information.
The leaked data included business records related to hiring or payments made to individuals, as well as personal data containing names and Social Security numbers. This breach serves as a stark reminder of the potential risks associated with outdated software and inadequate cybersecurity measures.
The Oracle EBS Hacking Campaign
The Cl0p ransomware group exploited zero-day flaws in the Oracle EBS application to access data from over 100 organizations, including MSG. The vulnerability, tracked as CVE-2025-61882 (CVSS 9.8), was released by Oracle in October 2025 and provided a critical patch for affected customers. However, many organizations failed to implement the update in time, leaving them vulnerable to attack.
The Cl0p ransomware group took advantage of this vulnerability to gain unauthorized access to sensitive data from the Oracle EBS system. The attackers then demanded payment from MSG, but the company refused to comply. Instead, they chose to leak their archived files, exposing sensitive information and compromising their reputation.
Consequences and Lessons Learned
The Madison Square Garden data breach serves as a wake-up call for organizations to prioritize cybersecurity and ensure timely software updates. The incident highlights the importance of proactive measures in preventing data breaches and minimizing damage.
In response to the breach, MSG has offered affected individuals complimentary one-year credit monitoring, report, and score through Cyberscout, a TransUnion company. This service aims to help detect misuse of personal information and provide identity theft protection.
Conclusion
The Oracle EBS 2025 campaign highlights the devastating consequences of unpatched vulnerabilities in software applications. Madison Square Garden's data breach serves as a stark reminder of the importance of timely security updates, proactive measures, and effective cybersecurity strategies. As we move forward, it is essential to prioritize our digital security and ensure that our organizations are equipped with the necessary tools and expertise to prevent similar incidents.
Key Takeaways
* The 2025 Oracle EBS hacking campaign exploited zero-day flaws in the Oracle EBS application. * Madison Square Garden was affected by the breach, which exposed sensitive data related to hiring or payments made to individuals. * The incident highlights the importance of timely software updates and proactive cybersecurity measures. * Organizations should prioritize their digital security and ensure that they have the necessary tools and expertise to prevent similar incidents.
Follow us on Twitter: @securityaffairs and Facebook and Mastodon for more cybersecurity news and insights.