Live events giant Legends International has started notifying some employees and customers that their personal information was compromised as a result of a cyberattack.
Legends International provides food, beverage, merchandise, retail, and venue operations services for sporting, entertainment and other live events. The company is based in New York and has offices in several major US and European cities.
Data breach notices that are being sent out to impacted individuals reveal that the company detected unauthorized activity on its systems on November 9, 2024. Systems were taken offline to contain the incident and an investigation revealed that some files containing personal information were exfiltrated during the intrusion.
Legends told the Texas Office of the Attorney General that the compromised information includes dates of birth, SSNs, driver’s license numbers, government ID numbers, payment card information, medical information, and health insurance information.
The Texas AG has been told that the number of Texans impacted by the incident exceeds 8,000. It’s unclear how many people were affected by the data breach in total.
The company says there is no evidence that the compromised personal information has been misused, but impacted individuals are being offered two years of free identity protection services.
Legends’ response to the incident (ie, taking systems offline) is the typical action taken when dealing with a ransomware attack, but no known ransomware group appears to have taken credit for the hack.
SecurityWeek has reached out to Legends for additional information, including the number of impacted individuals and whether this was indeed a ransomware attack, and will update this article if the company responds.
Related: Ransomware Group Claims Hacking of Oregon Regulator After Data Breach Denial
Related: Insurance Firm Lemonade Says API Glitch Exposed Some Driver’s License Numbers
Related: 2.6 Million Impacted by Landmark Admin, Young Consulting Data Breaches