Madison Square Garden hit by network compromise linked to Cl0p
Incident
Summary
Hide ▲
Show ▼
Madison Square Garden confirmed a data breach that exposed names and SSNs, and it has started notifying affected people. The compromise involved a hosted Oracle E-Business Suite instance managed by a third-party vendor. Hackers stole the data in August 2025, and MSG says 11 Maine residents were impacted. The breach is linked to the broader Cl0p Oracle EBS extortion campaign, making the incident a confirmed victim-facing disclosure event.
Related Happenings
US National Association of Insurance Commissioners (NAIC) hit by network compromise
Incident
H score80
First: 29.06.2026 13:00
Last: 29.06.2026 13:00
Sources 1
About this happening:
**NAIC** disclosed a **security breach** that exposed **US citizens’ credit rating data** and briefly disrupted operations tied to **Oracle PeopleSoft**. The breach was detected o...
US National Association of Insurance Commissioners (NAIC) hit by network compromise
IncidentAbout this happening: **NAIC** disclosed a **security breach** that exposed **US citizens’ credit rating data** and briefly disrupted operations tied to **Oracle PeopleSoft**. The breach was detected o...
Oracle PeopleSoft broad zero-day exploitation campaign
Exploitation Wave
H score82
First: 29.06.2026 13:00
Last: 29.06.2026 13:00
Sources 1
About this happening:
A **broad PeopleSoft zero-day exploitation campaign** exposed **multiple organizations** to compromise after attackers abused a **previously unknown Oracle PeopleSoft vulnerabilit...
Oracle PeopleSoft broad zero-day exploitation campaign
Exploitation WaveAbout this happening: A **broad PeopleSoft zero-day exploitation campaign** exposed **multiple organizations** to compromise after attackers abused a **previously unknown Oracle PeopleSoft vulnerabilit...
ShinyHunters Oracle PeopleSoft data theft from 300 instances
Data Leak
H score46
First: 11.06.2026 22:39
Last: 11.06.2026 22:39
Sources 1
About this happening:
The **ShinyHunters** data-leak event against **Oracle PeopleSoft** instances exposed data from **300 instances** across **100+ organizations**, expanding the risk of theft-driven...
ShinyHunters Oracle PeopleSoft data theft from 300 instances
Data LeakAbout this happening: The **ShinyHunters** data-leak event against **Oracle PeopleSoft** instances exposed data from **300 instances** across **100+ organizations**, expanding the risk of theft-driven...
Oracle PeopleSoft PeopleTools zero-day RCE (CVE-2026-35273)
Vulnerability
H score58
First: 11.06.2026 22:39
Last: 11.06.2026 22:39
Sources 1
About this happening:
**Oracle PeopleSoft PeopleTools CVE-2026-35273** is a critical **zero-day RCE** affecting **PeopleSoft Enterprise PeopleTools 8.61 and 8.62**. Oracle released **emergency mitigati...
Oracle PeopleSoft PeopleTools zero-day RCE (CVE-2026-35273)
VulnerabilityAbout this happening: **Oracle PeopleSoft PeopleTools CVE-2026-35273** is a critical **zero-day RCE** affecting **PeopleSoft Enterprise PeopleTools 8.61 and 8.62**. Oracle released **emergency mitigati...
Latest development: 29.06.2026 23:40
Nissan says it suffered a data breach affecting current and former employees after attackers exploited an Oracle PeopleSoft zero-day associated with CVE-2026-35273. Oracle informed Nissan that personnel records of hundreds of companies may have been obtained and that Nissan was specifically targeted, with potentially exposed data including contact details, banking information, Social Security numbers, Social Insurance Numbers, National Identification Numbers, financial and tax information, and dependent and beneficiary data for employees in the United States, Canada, Mexico, and Brazil.
ShinyHunters Oracle PeopleSoft data theft and extortion campaign
Campaign
H score60
First: 10.06.2026 21:31
Last: 10.06.2026 21:31
Sources 1
About this happening:
**ShinyHunters**/**UNC6240** used **CVE-2026-35273** in **Oracle PeopleSoft Enterprise PeopleTools** as a **zero-day** to break into exposed systems, steal data, and extort victim...
ShinyHunters Oracle PeopleSoft data theft and extortion campaign
CampaignAbout this happening: **ShinyHunters**/**UNC6240** used **CVE-2026-35273** in **Oracle PeopleSoft Enterprise PeopleTools** as a **zero-day** to break into exposed systems, steal data, and extort victim...
Latest development: 29.06.2026 23:40
Nissan says attackers exploited an Oracle PeopleSoft vulnerability in a ShinyHunters-linked campaign and that the company was specifically targeted, with personal information for current and former employees in the United States, Canada, Mexico, and Brazil potentially exposed. Nissan says the material may include employee contact information, banking information, Social Security numbers, Social Insurance Numbers, National Identification Numbers, financial and tax information, and dependent and beneficiary information, and the company has activated incident response, engaged external cybersecurity experts, secured affected systems, and is working with Oracle.
Timeline
-
02.03.2026 15:53 2 articles · 4mo ago
MSG confirms Oracle EBS data breach and begins notifications
Initial DisclosureMadison Square Garden confirmed being impacted by a data breach tied to the Cl0p Oracle E-Business Suite (EBS) campaign, said personal information including names and SSNs was compromised, and began notifying affected individuals after a third-party vendor investigation found that data was stolen in August 2025; MSG also told the Maine Attorney General’s Office that 11 Maine residents are impacted.
Show sources
- Madison Square Garden Data Breach Confirmed Months After Hacker Attack — www.securityweek.com — 02.03.2026 15:53
- Madison Square Garden Data Breach Confirmed Months After Hacker Attack — www.securityweek.com — 02.03.2026 15:53