Legends International Alerts Customers and Employees About Data Breach

Legends International, a prominent sports venue support company with reported sales of $1.7 billion, has recently notified customers and employees of a cyberattack targeting its IT systems. The company, based in the United States, communicated the breach in letters sent out earlier this week, revealing that sensitive personal information had been compromised. While specific details about the attack remain limited, the Texas Office of the Attorney General was informed that the data breach potentially encompasses a range of personal identifiers, including dates of birth, Social Security numbers, driver’s license and government ID numbers, as well as payment card, medical, and health insurance information.

The breach was identified on November 9, 2024, when Legends International discovered unauthorized activity within its systems. Upon recognizing the incident, the company swiftly took measures to terminate the intrusive activity and temporarily took certain systems offline as a precautionary measure. To further address and investigate the breach, Legends engaged cybersecurity experts and alerted law enforcement authorities.

Despite the company’s disclosure, critical questions remain unanswered. It is unclear how many individuals have been affected by this breach, whether the incident involved ransomware, and who the attackers are. Cybersecurity expert Lawrence Pingree, Vice President at Dispersive, noted that the lack of detailed information about whether ransomware was involved prevents any definitive assumptions. He emphasized that data breaches can occur independently of ransomware and highlighted that current trends show a preference for ransomware attacks, which often occur due to a division between those deploying infostealers and those executing ransomware campaigns.

Jason Soroko, a senior fellow at Sectigo, commented that organizations such as Legends International often handle a significant amount of personally identifiable information (PII) while operating under thin IT margins, making them appealing targets for cyber adversaries. He suggested that venue owners should reassess their cybersecurity strategies by elevating food-service vendors to a critical supplier status, implementing zero-trust segmentation, and ensuring consistent log-sharing practices, along with conducting post-breach sweeps of the dark web.

As the investigation unfolds, it may be beneficial to reference the MITRE ATT&CK framework to understand the potential tactics and techniques employed in this incident. Initial access could have been gained through phishing or exploiting known vulnerabilities, while persistence and privilege escalation may have been achieved through credential theft or lateral movement within the network. Comprehensive scrutiny of these aspects will be vital in reassuring stakeholders and mitigating future risks. As Legends International works to fortify its security posture, this incident serves as a stark reminder of the increasing cyber threats facing businesses today.
