Last updated 1 month ago
Madison Square Garden, a major entertainment venue operator, confirmed a data breach resulting from the 2025 cybercrime campaign targeting Oracle E-Business Suite customers. The breach exposed sensitive organizational data, though specific record counts and affected user populations remain undisclosed. The incident represents a supply chain attack affecting multiple Oracle EBS customers globally.
The attack exploited vulnerabilities in Oracle's E-Business Suite infrastructure, compromising Madison Square Garden's systems through this third-party software dependency. Attackers gained unauthorized access to sensitive organizational data, though the article does not specify exact data types exfiltrated beyond general 'sensitive data.' No specific threat actor attribution or CVE references were provided in the available information.
Madison Square Garden publicly confirmed the breach in March 2026, though the exact timeline between initial compromise and public disclosure remains unspecified. The organization has acknowledged the incident but has not provided details about containment measures, remediation efforts, or regulatory notifications.
Targeted cybercrime campaign exploiting vulnerabilities in Oracle's E-Business Suite (EBS)
This breach demonstrates the critical risk of supply chain attacks through enterprise software dependencies, particularly when using widely deployed platforms like Oracle EBS. Organizations must implement enhanced monitoring and segmentation for third-party application environments, especially when those systems handle sensitive operational data. The incident highlights the need for accelerated patch management cycles and compensating controls for critical business applications.
Sign in to join the discussion.
Company
Industry
Location
Disclosed
Records Affected
Attack Vector