Oracle EBS breach hits Madison Square Garden

SecurityWeek reports that New York-based Madison Square Garden has confirmed the compromise of its data following the Clop ransomware operation's sweeping attacks exploiting Oracle E-Business Suite vulnerabilities. Infiltration of a third-party vendor-hosted and operated Oracle EBS instances allowed threat actors to exfiltrate names, Social Security numbers, and other personal data, according to MSG Entertainment, which confirmed a data leak after its refusal to pay its hackers' demands. While no total number of impacted individuals has been provided in breach notices sent to victims, MSG Entertainment's filing with Maine regulators revealed the incident to have affected 11 residents of the state. Such a development comes after the Clop ransomware gang claimed to have stolen over 210 GB of archived material from MSG in November. More than 100 organizations have already been compromised by Clop as a result of the Oracle EBS hack.