Madison Square Garden Entertainment Corp. has issued breach notification letters revealing that a vulnerability in Oracle E-Business Suite allowed an unauthorized person to access employee data including Social Security numbers. At least one law firm has opened a formal investigation, and additional litigation is anticipated. Stay informed at OpenClassActions.com.
What Happened?
According to an official breach notice filed with the California Attorney General and dated February 23, 2026, Madison Square Garden Entertainment discovered that an unauthorized person exploited a previously undisclosed vulnerability in Oracle E-Business Suite — software used to manage the company’s workforce and financial operations. The unauthorized access occurred between approximately August 10 and October 21, 2025, and was discovered around December 16, 2025.
The company states that it engaged a forensic cybersecurity firm and that the vendor operating the Oracle system conducted its own investigation into the scope of the incident.
What Data Was Compromised?
The breach notice identifies the following data types as potentially affected:
- Full names
- Social Security numbers
- Other workforce and financial-related information
MSG is offering affected individuals one year of complimentary credit monitoring services through the notification program.
Investigation Status
Edelson Lechtzin LLP has publicly announced an investigation into the MSG data breach, examining the adequacy of the company’s cybersecurity measures and the timeline between the breach window, discovery, and notification. No class action complaint has been filed as of this writing, but given the involvement of Social Security numbers and the multi-month gap between the breach and notification, litigation is widely expected.
This incident is also notable because it mirrors the Oracle E-Business Suite breach at The Washington Post, suggesting a broader vulnerability pattern affecting organizations using the same enterprise software platform.
| Detail | Information |
| Company | Madison Square Garden Entertainment Corp. |
| Breach Window | August 10 – October 21, 2025 |
| Discovery Date | ~December 16, 2025 |
| Breach Notice Date | February 23, 2026 |
| Data Exposed | Names, Social Security numbers, workforce data |
| Investigating Firm | Edelson Lechtzin LLP |
| Status | Investigation — complaint expected |
What Should Affected Individuals Do?
If you are a current or former employee of Madison Square Garden Entertainment or any of its affiliated venues and entertainment properties, watch for a breach notification letter. Enroll in the offered credit monitoring service, and consider placing a credit freeze with all three major bureaus given that Social Security numbers are among the compromised data.
This page is for informational purposes and does not constitute legal advice. Visit OpenClassActions.com for class action news and open settlements.
Related Data Breach Cases on OpenClassActions
- Washington Post Employee Data Breach — Oracle E-Business Suite Hack Exposed 10,000 Records
- Wynn Resorts Hit with Class Action Lawsuits After Data Breach
- How Evidence From Past Cases Is Strengthening New Legal Claims Against Platforms
- Nvidia Hit With Certified Class Action Over Crypto Revenue Concealment
- Crunchyroll Hit with Data Breach Class Action Over User Information Exposure