Entertainment venue management giant Legends International reveals major data breach

News
By published

Company lost sensitive data in the November 2024 breach

A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.
(Image credit: Shutterstock / JLStock)
  • Legends International releases a data breach notification letter
  • It says it suffered a cyberattack and data breach in November 2024
  • The investigation into the nature of the stolen data is ongoing

Legends International, a company providing premium services for sports and entertainment venues, has confirmed suffering a cyberattack and losing sensitive data.

In a sample data breach notification letter, the company said that it identified “unauthorized activity” on its IT systems in early November, 2024.

After taking parts of its infrastructure down and running an investigation, it discovered that “certain Legends files” had been accessed and exfiltrated during the attack.

Monitor your credit score with TransUnion starting at $29.95/month

Monitor your credit score with TransUnion starting at $29.95/month

TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnion’s advanced risk assessment tools.

Preferred partner (What does this mean?)

View Deal

Under investigation

The letter does not discuss the nature of the data stolen, so we don’t know if it’s the usual (names, email addresses, postal addresses), or if it includes more sensitive information (payment data, driver’s license numbers, Social Security numbers, etc.).

Basic information, belonging to former employees and customers, is most likely taken, given how Legends worded it in the letter: “It appears that Legends had your personal information in these files because you either worked at or visited a venue managed by Legends.”

The company offered 24 months of free identity theft services to affected individuals, through Experian. Victims have until July 31, 2025, to sign up.

This, CyberInsider argues, could mean that "highly sensitive personal data" was taken, as well.

The investigation seems to be ongoing, and law enforcement has been notified. Therefore, we still don’t know how many people might have been affected. However, since the organization is rather large, it could be a major incident.

Legends International employs roughly 5,800 people across six continents and recently reported an estimated annual revenue of $1.7 billion for the period ending March 31, 2024.​

At press time, no threat actors assumed responsibility for the attack, and Legends hasn’t found the data being shared anywhere online just yet.

Still, the company urged its former employees and customers to remain vigilant and keep a close eye on their account statements and credit history for any signs of unauthorized transactions.

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.