好的,我现在需要帮用户总结一篇文章的内容,控制在100个字以内。首先,我得仔细阅读文章,理解主要内容。 文章主要讲的是Madison Square Garden(MSG)遭受了数据泄露事件,这次事件是2025年Oracle EBS黑客活动的一部分。Cl0p勒索软件团伙利用零日漏洞入侵了超过100家公司,包括MSG。攻击者窃取了大量数据,并在MSG拒绝支付赎金后泄露了这些信息。泄露的数据包括员工和社会安全号码等敏感信息。MSG已经通知执法部门,并为受影响的个人提供了信用监控服务。 接下来,我需要将这些信息浓缩到100字以内,同时保持关键点:MSG的数据泄露、Oracle EBS黑客活动、Cl0p团伙、零日漏洞、敏感数据泄露、信用监控服务。 可能的结构是: MSG因2025年Oracle EBS黑客活动遭遇数据泄露,涉及敏感信息如SSN。Cl0p团伙利用零日漏洞入侵,导致210GB数据外泄。公司已通知执法部门并提供信用监控服务。 检查一下字数是否在限制内,并确保没有遗漏重要信息。 </think> Madison Square Garden遭遇数据泄露事件,涉及敏感员工和社会安全号码信息。此次事件系2025年针对Oracle EBS系统的黑客活动所致,Cl0p勒索团伙利用零日漏洞入侵并窃取大量数据。公司已向执法部门报告,并为受影响者提供信用监控服务以防范身份盗窃风险。 2026-3-3 15:42:56 Author: securityaffairs.com(查看原文) 阅读量:11 收藏
Oracle EBS 2025 campaign impacts Madison Square Garden, sensitive data leaked
Madison Square Garden confirmed a data breach tied to the 2025 Oracle E-Business Suite hacking campaign.
Madison Square Garden (MSG) has confirmed it was affected by a data breach linked to the 2025 cybercrime campaign targeting Oracle’s E-Business Suite (EBS) customers.
Madison Square Garden (MSG) is a world-famous multi-purpose indoor arena located in New York City, USA. It hosts sports events, concerts, and entertainment shows. MSG is home to the New York Knicks (NBA) and New York Rangers (NHL) and is renowned for its history, iconic location, and large-scale live events.
The incident, disclosed months after the initial attacks, places the company among numerous organizations compromised in the large-scale hacking operation exploiting Oracle EBS environments.
In the Oracle EBS hacking campaign, the Cl0p ransomware group exploited zero-day flaws to access data from over 100 organizations, including MSG, in November 2025. MSG refused to pay the ransom, then the extortion group leaked more than 210GB of the company’s archived files, exposing sensitive information.
“The Oracle eBusiness Suite, hosted and managed for us by a vendor, is used for certain workforce and financial operations. Oracle notified its customers that a previously undisclosed condition in the application had been exploited by an unauthorized person to gain access to data from the application. There are reports that this occurred at over 100 companies.” reads the data breach notification letter sent to the Maine Attorney General’s Office. “Our vendor began an investigation, and a forensic firm was also engaged. The investigation determined in late November 2025 that an unauthorized person gained access to some data from the application in August 2025. What Information Was Involved? We reviewed the files, which were part of business records related to hiring or payments made to individuals, and in December 2025, determined that a file containing your name and Social Security number was involved.”
In October 2025, Oracle released an emergency patch to address a critical vulnerability, tracked as CVE-2025-61882 (CVSS 9.8) in its E-Business Suite.
The flaw was exploited by the Cl0p ransomware group in data theft attacks. Unauthenticated remote attackers can exploit the flaw to take control of the Oracle Concurrent Processing component.
Madison Square Garden alerted law enforcement and began notifying affected individuals after a third-party vendor confirmed that hackers had stolen personal data from its Oracle EBS system in August 2025.
MSG is offering affected individuals a complimentary one-year credit monitoring, report, and score through Cyberscout, a TransUnion company, to help detect misuse of personal information and provide identity theft protection. Instructions to activate the service and additional recommended steps are provided in the following pages.
“We confirmed that our vendor successfully implemented measures recommended by Oracle for the application to prevent a recurrence. We also notified law enforcement.” concludes the letter.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, MSG)
如有侵权请联系:admin#unsafe.sh