Legend Senior Living Data Breach Exposes Personal and Financial Data

Legend Senior Living LLC, a senior housing and services company based in Wichita, Kansas, disclosed a data breach involving unauthorized access to its computer systems.

The breach was reported to attorneys general in Maine, Massachusetts, New Hampshire, and Texas on April 10, 2026. It is undisclosed how many total individuals were impacted as a result of the breach; however, at least 5,006 Texas residents, 12 Massachusetts residents, six Maine residents, and four New Hampshire residents were reported as affected.

Legend Senior Living discovered the breach on March 12, 2026, and notified consumers in writing on April 10, 2026.

What happened in the Legend Senior Living data breach

Upon noticing suspicious activity on its network, Legend took steps to secure its systems, launching a comprehensive investigation to confirm the scope of the activity.

Through that investigation, it was determined that an unauthorized actor gained access to certain systems and may have copied or viewed files on those systems between Jul. 27, 2025, and Aug. 15, 2025.

On Sep. 18, 2025, roughly one month after the period of unauthorized access ended, a threat actor known as Worldleaks posted a claim on the Tor network alleging it had leaked data from Legend.

Legend undertook an extensive review of the affected files to determine what information was present and to whom it related, which was preliminarily completed on March 12, 2026, approximately seven months after the unauthorized access occurred. The company then worked to reconcile records and identify missing address information in order to provide notice to affected individuals.

The types of personal information exposed in this breach included names, addresses, Social Security numbers, driver's license numbers, government-issued ID numbers such as passports, financial account information, medical and health insurance information.

Legend Senior Living's response to the breach

Legend is offering 12 months of free credit monitoring and identity theft protection services through Cyberscout, a TransUnion company. These services include single bureau credit monitoring, a credit report, a credit score and proactive fraud assistance.

Affected individuals can enroll by visiting the Cyberscout enrollment page and entering the unique code provided in their notification letter. Enrollment must be completed within 90 days of the letter's date.

Legend Senior Living has also set up a dedicated toll-free assistance line for those with questions. Affected individuals can call 1-833-289-9995 between 8 a.m. and 8 p.m. Eastern time, Monday through Friday, excluding holidays.

They may also write to the company at 8415 E 21st St. N, #100, Wichita, Kansas 67206.

Steps to take if your information was exposed

• Place a credit freeze with all three credit bureaus. Contact Equifax (1-888-298-0045), Experian (1-888-397-3742) and TransUnion (1-833-799-5355) to prevent new accounts from being opened without authorization.
• Request free credit reports at AnnualCreditReport.com and review them carefully for any unfamiliar accounts, inquiries or other suspicious activity.
• Monitor bank and financial account statements closely. Because financial account details were part of this breach, check statements regularly for unauthorized transactions and report anything suspicious to the financial institution right away.
• Consider placing a fraud alert with one of the three major credit bureaus, which will require businesses to take extra steps to verify identity before extending new credit in your name.
• Be cautious of phishing attempts that reference Legend Senior Living or this data breach by name, as scammers sometimes use real breach notifications to trick people into sharing more personal information.
• File a report with the FTC at IdentityTheft.gov if there are any signs of identity theft or fraud, and consider filing a police report as well.