Oracle EBS 2025 campaign impacts Madison Square Garden, sensitive data leaked

A recent data breach at Madison Square Garden has been linked to the 2025 Oracle E-Business Suite hacking campaign, resulting in the exposure of sensitive information. The campaign, which has targeted numerous organizations, has successfully compromised the systems of the renowned multi-purpose indoor arena, home to the New York Knicks and New York Rangers. The breach is particularly concerning given the arena's high-profile events and vast customer base. Oracle's E-Business Suite, a comprehensive set of enterprise resource planning and enterprise management tools, has been vulnerable to exploitation by threat actors, with the 2025 campaign highlighting the need for prompt patching and security updates. The specific vulnerabilities exploited in the campaign have not been disclosed, but it is likely that unpatched CVEs were used to gain initial access to the targeted systems. Madison Square Garden's confirmation of the breach¹ underscores the severity of the issue and the potential consequences for organizations that fail to prioritize cybersecurity. So what matters to practitioners is that this incident serves as a stark reminder of the importance of proactive security measures, particularly for large enterprises with complex systems like Oracle EBS, to prevent similar breaches and protect sensitive data.