Legends International, the large sports venue support company with reportedly $1.7 billion in sales, earlier this week sent out letters to some customers and employees that it was the victim of a cyberattack.While extensive details of the attack were not released, the company told the Texas Office of the Attorney General that the compromised information includes the following: dates of birth, Social Security numbers, driver’s license and government ID numbers, and payment card, medical, and health insurance information.According to the April 15 letter, on Nov. 9, 2024, the company identified certain unauthorized activity occurring in its IT systems. After learning of the attack, the company terminated the activity, and took some systems offline as a precaution.Legends then hired cybersecurity experts to investigate the incident and help identify where they could strengthen their IT security systems and contacted law enforcement.Even with the disclosure, we still don’t know how many people were impacted, if it was a ransomware event, and who the attackers were.Lawrence Pingree, vice president at Dispersive, said that if they are only declaring a breach and not disclosing details of the ransomware, we can’t assume it’s ransomware, adding that data breaches can certainly happen without ransomware involved.“The reason that ransomware is preferred these days is that there’s typically a separation between those who infect folks with infostealers and then those who infect systems with ransomware or send ransomware demands based on accounts being taken over,” explained Pingree. “So hard to say here without more detail, but in either case we continue to see breaches.”Jason Soroko, senior fellow at Sectigo, said firms like Legends International store fan PII, but run on slim IT margins, making them attractive, low‑hanging targets. “Venue owners should consider pushing food‑service vendors into the ‘critical supplier’ tier and require zero‑trust segmentation, SOC‑reported log sharing, and post‑breach dark‑web sweeps.”
