Data breach reported for Madison Square Garden Entertainment Due to Oracle EBS Breach

Key facts: MSG Entertainment data breach

• Total Individuals Affected: 131,070
• Threat Actor: Clop (Cl0p) Ransomware Group (exploiting a zero-day vulnerability).
• Target System: Vendor-hosted Oracle eBusiness Suite (EBS).
• Data Types: Full names, physical addresses, and Social Security numbers (SSNs).

Start continuous breach monitoring with UpGuard.

What happened in the MSG Entertainment data breach?

MSG Entertainment (msgentertainment.com) disclosed a data breach on February 26, 2026, involving unauthorized access to its Oracle eBusiness Suite application. The incident occurred between August 10, 2025, and October 21, 2025, and was later discovered by the organization on December 16, 2025. No specific threat actor has been identified in connection with this security event, which the company began addressing through formal notifications in early 2026.

The breach resulted in the exposure of sensitive personal information, specifically the names and Social Security numbers of affected individuals. This incident is classified as medium severity because it involves highly sensitive identifiers that require immediate protective action. The unauthorized access to the Oracle EBS application highlights potential vulnerabilities in enterprise resource planning systems. Such incidents typically carry risks of identity theft and long-term financial fraud if the data is misused by malicious parties.

Who is behind the incident?

Cybersecurity researchers have linked this breach to the Clop (Cl0p) ransomware group. In late 2025, Clop conducted a massive "one-to-many" campaign targeting dozens of organizations using the same Oracle EBS vulnerability. Unlike traditional ransomware, Clop frequently skips encrypting files and instead focuses on mass data exfiltration to extort companies.

Impact and risks for MSG Entertainment customers

For affected individuals, the exposure of Social Security numbers and names presents significant risks, including identity theft and credential abuse. Malicious actors could potentially use this information to open fraudulent accounts or conduct targeted phishing campaigns against the victims. Because the data includes permanent identifiers like Social Security numbers, the impact on those involved may persist for an extended period, requiring constant vigilance over personal records and credit reports.

Typical outcomes for such breaches include increased fraudulent activity and the need for credit monitoring services. Affected parties should consider freezing their credit, enabling multi-factor authentication on all sensitive accounts, and monitoring financial statements closely for any discrepancies. Transparent reporting from the company helps individuals take these necessary steps to mitigate further damage.

Frequently Asked Questions

What happened in the MSG Entertainment security breach?

On February 26, 2026, MSG Entertainment confirmed that an unauthorized third party exploited a zero-day vulnerability (CVE-2025-61882) in its Oracle eBusiness Suite between August and October 2025.

When did the MSG Entertainment breach occur?

The MSG Entertainment breach was publicly reported on February 26, 2026. The exact date of the attack has not been disclosed, though the unauthorized access was active between August 10, 2025, and October 21, 2025.

What data was exposed?

The types of data involved in the MSG Entertainment incident have not been fully disclosed, though reports confirm that names and Social Security numbers were compromised. This page will be updated as verified information becomes available.

Is my personal information at risk?

If you interacted with MSG Entertainment, there's a possibility your personal information could be affected. Similar incidents often involve email addresses, login details, or financial records. Stay alert for updates and take precautionary measures to secure your accounts.

How can I protect myself after this data breach?

• Change your passwords immediately and use unique credentials for every site.
• Enable multi-factor authentication (MFA) on all financial and personal accounts.
• Monitor your credit reports and financial statements for unauthorized activity.
• Be wary of unsolicited communications or phishing attempts.
• Use data breach monitoring tools to stay informed about your information.
• If you were a vendor or employee, ensure that any password used for MSG systems is not reused anywhere else. Clop often sells "credential lists" on the dark web alongside stolen SSNs

What steps should companies take after being impacted by this breach?

MSG Entertainment is expected to secure its systems, notify affected parties, and provide guidance on protective actions. Companies in this position typically review security measures and deploy attack surface management to prevent future unauthorized access to enterprise applications.