- Legends International releases a data breach notification letter
- It says it suffered a cyberattack and data breach in November 2024
- The investigation into the nature of the stolen data is ongoing
Legends International, a company providing premium services for sports and entertainment venues, has confirmed suffering a cyberattack and losing sensitive data.
In a sample data breach notification letter, the company said that it identified “unauthorized activity” on its IT systems in early November, 2024.
After taking parts of its infrastructure down and running an investigation, it discovered that “certain Legends files” had been accessed and exfiltrated during the attack.
Under investigation
The letter does not discuss the nature of the data stolen, so we don’t know if it’s the usual (names, email addresses, postal addresses), or if it includes more sensitive information (payment data, driver’s license numbers, Social Security numbers, etc.).
Basic information, belonging to former employees and customers, is most likely taken, given how Legends worded it in the letter: “It appears that Legends had your personal information in these files because you either worked at or visited a venue managed by Legends.”
The company offered 24 months of free identity theft services to affected individuals, through Experian. Victims have until July 31, 2025, to sign up.
This, CyberInsider argues, could mean that “highly sensitive personal data” was taken, as well.
The investigation seems to be ongoing, and law enforcement has been notified. Therefore, we still don’t know how many people might have been affected. However, since the organization is rather large, it could be a major incident.
Legends International employs roughly 5,800 people across six continents and recently reported an estimated annual revenue of $1.7 billion for the period ending March 31, 2024.
At press time, no threat actors assumed responsibility for the attack, and Legends hasn’t found the data being shared anywhere online just yet.
Still, the company urged its former employees and customers to remain vigilant and keep a close eye on their account statements and credit history for any signs of unauthorized transactions.
