Legends International Reports Data Breach, Impacting Employees and Venue Visitors
TL;DR
Legends International, a leading sports and entertainment venue management firm, has disclosed a data breach affecting employees and visitors. The breach, identified in November 2024, prompted the company to take immediate action and launch an investigation with external cybersecurity experts. No personal data misuse has been reported, but the company is offering free credit monitoring services as a precaution.
Main Content
Legends International, a global leader in sports and entertainment venue management, recently disclosed a data breach that occurred in November 2024. The breach affected both employees and visitors to the venues managed by the company. Legends International is renowned for providing comprehensive solutions for stadiums, arenas, and attractions, encompassing strategic planning, sales, partnerships, hospitality, merchandise, and technology solutions.
Discovery and Response
On November 9, 2024, Legends International detected unauthorized activity on its IT systems. The company took swift action to halt the activity and launched an investigation with the assistance of external cybersecurity experts. Law enforcement was also notified.
According to the data breach notification letter sent to affected individuals, Legends International stated:
“We identified certain unauthorized activity occurring on our IT systems. After learning of this, we began taking steps to terminate the activity, and took certain of our systems offline as a precaution. An investigation was launched with assistance from external cybersecurity experts. Law enforcement was also notified.”
Investigation Findings
The investigation revealed that some files were accessed during the unauthorized activity. Legends International confirmed that a review is underway to determine if personal data was involved and to identify the individuals affected.
“We subsequently determined that certain Legends files had been accessed and acquired during the unauthorized activity. A review was initiated to determine if any personal information was included in those files and to whom that personal information pertains.”
Security Measures and Precautions
Legends International assured that security measures were in place before the incident and have been enhanced afterward. Although the company is not aware of any misuse of personal data, it is offering 24 months of free Experian IdentityWorks as a precaution.
The company has not disclosed the number of affected individuals, nor has it provided technical details about the attack. At this time, no criminal group has claimed responsibility for the attack.
Recommendations for Affected Individuals
Legends International advises affected individuals to stay vigilant against identity theft or fraud by regularly reviewing account statements and credit history for unauthorized activity. They also recommend enrolling in their credit monitoring service and refer to Attachment B for more information on protecting personal information.
Conclusion
The data breach at Legends International highlights the importance of robust cybersecurity measures and prompt incident response. While the company has taken steps to mitigate the impact, the incident serves as a reminder for organizations to remain vigilant against cyber threats.
Additional Resources
For further insights, check:
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
SecurityAffairs – hacking, Legends International