Legacy Professionals Data Breach Exposes PII & PHI

Published
March 6, 2025
Updated
March 16, 2025
Legacy Professionals Data Breach Exposes PII & PHI
Legacy Professionals, LLP
Types of INFORMATION affected
  • Names
    Names
  • Social security numbers
    Social Security Numbers
  • Dates of birth
    Dates of Birth
  • Addresses
    Addresses
  • Government IDs
    Government IDs
  • Medical Information
    Medical Info
  • Financial Info
    Financial Info

Affected by the

Legacy Professionals, LLP

data breach?

Join the Lawsuit

It's free to join. 

On January 31, 2025, Legacy Professionals, LLP discovered a significant data breach impacting 216,752 individuals across the United States. The breach occurred on two separate days—April 25 and April 30, 2024—when unauthorized actors gained access to the company's computer network.

Legacy Professionals LLP, an accounting firm based in Westchester, IL, promptly took steps to secure its systems and launched an investigation with the assistance of cybersecurity specialists.

The investigation revealed that the breach involved ransomware, specifically the LockBit 3.0 ransomware variant. The cybercriminal group responsible, LockBit 3.0, claimed responsibility for the attack and announced on the dark web that they had published Legacy Professionals LLP's data on August 25, 2024. The stolen data included sensitive personal information of clients and other individuals associated with the firm.

LOCKBIT 3.0 posts Legacy Professionals LLP ransom demand on the Dark Web

The types of consumer information exposed in this breach include:

  • Full names of individuals
  • Social Security numbers
  • Driver’s license numbers
  • Government-issued ID numbers (such as passports or state ID cards)
  • Financial information (e.g., account numbers, credit or debit card numbers)
  • Medical information
  • Health insurance information

Legacy Professionals confirmed that the breach affected 4,939 individuals in Texas, 501 individuals in Massachusetts, and 60 individuals in Maine. The firm notified impacted consumers by written notice via U.S. Mail on February 27, 2025.

The breach was reported to multiple state attorney general offices, including California on March 4, 2025, Texas on March 4, 2025, Massachusetts on February 28, 2025, and Maine on March 1, 2025. Additionally, the breach was reported to the U.S. Department of Health and Human Services on February 28, 2025.

Legacy Professionals LLP's Response

Upon discovering the breach, Legacy Professionals LLP secured its network environment and began an extensive investigation into the incident. The company engaged a third-party cybersecurity specialist to determine the scope and impact of the breach. Legacy Professionals LLP also reported the incident to federal law enforcement authorities.

To support those affected, Legacy Professionals LLP is offering complimentary credit monitoring and identity theft protection services through IDX for a period of 24 months. Impacted individuals can enroll in these services by visiting the dedicated enrollment page provided by Legacy Professionals LLP. The enrollment deadline is May 27, 2025.

Individuals affected by this breach should remain vigilant and closely monitor their financial accounts and credit reports for any suspicious activity. Consumers are encouraged to enroll promptly in the free identity protection services provided, review their credit reports regularly, and consider placing fraud alerts or credit freezes on their credit files.

For additional details, impacted individuals can review the official data breach notification posted on the websites of:

About Legacy Professionals, LLP

Legacy Professionals LLP is a certified public accounting firm headquartered in Westchester, IL, with additional offices in Schererville, IN, and Edina, MN. Founded in 2003, the firm provides specialized audit, accounting, tax, and payroll compliance audit services to a variety of industries, including employee benefit plans, labor organizations, nonprofit entities, government entities, and small to medium-sized businesses.

The firm currently has 35 partners and principals and employs over 180 professionals who serve clients nationwide. Legacy Professionals LLP is recognized for its expertise in employee benefit plans and payroll compliance audits, often contributing as thought leaders at industry conferences.

Notice Letter

This browser does not support inline PDFs. Please download the PDF to view it: Download PDF

Consumers Notification date
February 27, 2025
Date of Breach
April 30, 2024
Breach Discovered Date
January 31, 2025
Total People Affected
216752
Information Types Exposed
  • Name of individual
  • Social Security Number Information
  • Driver’s License number
  • Government-issued ID number (e.g. passport, state ID card)
  • Financial Information (e.g. account number, credit or debit card number)
  • Medical
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image
CTA Image