The MSG Entertainment data breach involved the unauthorized access of sensitive information for 131,070 individuals after the Clop ransomware group exploited a zero-day vulnerability in a vendor-hosted Oracle eBusiness Suite. Between August and October 2025, attackers exfiltrated full names, physical addresses, and Social Security numbers, leading to formal notifications and a medium-severity classification due to the high risk of identity theft.

MSG Entertainment recently disclosed a significant security incident involving its Oracle eBusiness Suite application which resulted in the exposure of personal data for over one hundred thousand individuals. The breach was carried out over a period of several months starting in August 2025 and was eventually detected by the organization toward the end of that year. While the company began issuing formal notifications in early 2026, the discovery of the intrusion on December 16, 2025, revealed a substantial gap between the initial compromise and the internal detection of the unauthorized activity.

The investigation into the incident identified the Clop ransomware group as the primary threat actor responsible for the attack. This group is known for its sophisticated use of zero-day vulnerabilities to target enterprise resource planning systems and other high-value vendor-hosted environments. Unlike many other cybercriminal organizations that prioritize encrypting local files to demand a ransom, this specific group often focuses on mass data exfiltration. By stealing sensitive information directly, they can exert pressure on organizations through extortion without needing to lock down the target's internal infrastructure.

The specific data compromised during this breach includes highly sensitive identifiers such as full names, physical addresses, and Social Security numbers. Because this information is permanent and cannot be easily changed by the victims, the incident has been classified as a medium-severity event that poses a long-term risk of identity theft and financial fraud. The exposure of Social Security numbers is particularly concerning for the affected individuals, as these digits are frequently used by malicious parties to open fraudulent accounts or claim government benefits.

Cybersecurity researchers noted that this attack was part of a larger one-to-many campaign executed by the threat actors against dozens of organizations using the same Oracle vulnerability. This strategy allowed the attackers to maximize their impact by hitting multiple targets simultaneously through a single entry point in a common software suite. The nature of the campaign suggests that the attackers were specifically seeking out sensitive databases that house large volumes of personally identifiable information for the purpose of large-scale extortion.

In response to the breach, MSG Entertainment has taken steps to address the vulnerabilities within its vendor-hosted systems and provide resources for those impacted. The situation serves as a reminder of the persistent risks associated with third-party software hosting and the need for continuous monitoring of enterprise applications. As the threat landscape evolves, the focus for many large organizations has shifted toward mitigating the impact of exfiltration tactics used by groups like Clop to protect the long-term privacy of their stakeholders and employees.

Source: Madison Square Garden Entertainment Reports Data Breach Tied To Oracle EBS Incident