Pierluigi Paganini April 18, 2025

Legends International disclosed a data breach from November 2024 that affected employees and visitors to its managed venues.

Legends International is a global leader in sports and entertainment venue management, specializing in delivering comprehensive solutions for stadiums, arenas, and attractions.

The company offers a 360-degree service platform that includes strategic planning, sales, partnerships, hospitality, merchandise, and technology solutions.

On November 9, 2024, Legends International detected unauthorized activity on its IT systems, took action to stop it, and launched an investigation with the help of external cybersecurity experts.

“On November 9, 2024, we identified certain unauthorized activity occurring on our IT systems. After learning of this, we began taking steps to terminate the activity, and took certain of our systems offline as a precaution. An investigation was launched with assistance from external cybersecurity experts. Law enforcement was also notified.” reads the data breach notification letter sent to impacter individuals. “We subsequently determined that certain Legends files had been accessed and acquired during the unauthorized activity. A review was initiated to determine if any personal information was included in those files and to whom that personal information pertains.”

The investigation revealed that some files were accessed, and the company confirmed that a review is underway to determine if personal data was involved.

Legends said they had security measures in place before the incident and enhanced them afterward. The company is not aware of any misuse of personal data, but 24 months of free Experian IdentityWorks are offered as a precaution.

The company has not disclosed the number of affected individuals, nor has it provided technical details about the attack.

At this time, no criminal group has claimed responsibility for the attack.

The company advises staying vigilant against identity theft or fraud by regularly reviewing account statements and credit history for unauthorized activity. They also recommend enrolling in their credit monitoring service and refer to Attachment B for more information on protecting personal information.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Legends International)