Legends International, LLC began notifying individuals that their personal information was exposed in a cybersecurity breach first detected nearly five months ago.
The incident affects employees and visitors to venues managed by the global sports and entertainment firm, with sensitive data, including Social Security numbers and financial information, potentially compromised.
Breach Details and Timeline
According to notification letters sent to affected individuals, the breach was discovered on November 9, 2024, when Legends identified unauthorized activity on its IT systems.
The company immediately took steps to terminate the malicious activity and took certain systems offline as a precautionary measure.
“An investigation was launched with assistance from external cybersecurity experts.
Law enforcement was also notified,” the company stated in its breach notification letter.
The subsequent investigation confirmed that unauthorized actors had accessed and acquired files containing personal information.
While specific data elements vary by individual, the compromised information may include Social Security numbers, driver’s license numbers, government-issued ID numbers, financial account details, medical information, health insurance information, and dates of birth.
Scope of the Incident
According to filings with state authorities, the breach has impacted at least 8,065 individuals – 8,060 in Texas and 5 in Massachusetts.
However, the total number of affected individuals could be significantly higher, with one source reporting that over 118,000 people may have been affected nationwide.
Legends International has stated that it appears to have had individuals’ personal information in these files because they “either worked at or visited a venue managed by Legends”.
The company has not disclosed which specific venues were involved.
Response and Remediation Efforts
Legends International maintains it had cybersecurity measures in place before the incident and has since taken steps to strengthen its security controls.
While the company states it is not aware of any misuse of personal information resulting from the breach, it is offering affected individuals a complimentary 24-month membership to Experian’s IdentityWorks service.
The service includes credit monitoring, identity restoration support, and up to $1 million in identity theft insurance. Affected individuals must enroll by July 31, 2025.
Company Background
Founded in 2008, Legends International is headquartered in New York with offices across Europe, including England, Germany, Spain, and Italy.
The company employs over 1,000 people and offers comprehensive services for sports and entertainment venues, including strategic planning, sales, partnerships, hospitality, merchandise, and technology solutions.
Recommendations for Affected Individuals
The company advises those affected to remain vigilant against identity theft by regularly reviewing account statements and credit reports for unauthorized activity.
Individuals who received notification letters should consider enrolling in the offered credit monitoring service before the July 31 deadline.
Those with questions about the incident can contact the dedicated call center at 833-918-5930, available Monday through Friday from 8 a.m. to 8 p.m. CST.
At this time, no criminal group has claimed responsibility for the attack, and the investigation remains ongoing.
The company has not disclosed technical details about how the breach occurred.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates
%20(1).webp?w=1200&resize=1200,0&ssl=1&description=The incident affects employees and visitors to venues managed by the global sports and entertainment firm, with sensitive data.){kind=link}