Legend Senior Living Breach

Company: Legend Senior Living (senior living operator)
HQ: Wichita, KS; operates across CO, FL, KS, MO, OK, PA, TX
Domain: legendseniorliving.com

What we know:
DataBreach.com parsing found 409,300 emails, 996,000 home addresses, 576,000 phone numbers, and 32,700 SSNs.

Timeline: Incident surfaced publicly in mid-September 2025; no company or regulator notice located yet
Vector: Unknown; no description of initial access or exfiltration from the company
Actor: Worldleaks posted a claim
Official count: Not published
Last updated: November 13, 2025

What happened

There is no public notice on the company website and no regulator filing located at time of publication.
Legend Senior Living appeared on a threat-actor leak site monitored by multiple ransomware-tracking services. No official timeline, technical description or intrusion vector has been released by the company. The incident currently relies on threat-actor claims and external monitoring sources.

Who’s behind it

Worldleaks is a data-extortion group active since 2025 that operates a leak site used to pressure victims with “steal-and-publish” tactics. The group often emphasizes data release over traditional disk encryption.
Researchers have described Worldleaks as potentially connected to, or derivative of, the Hunters International lineage - itself linked by various analysts to the older Hive ecosystem.
Worldleaks listed Legend Senior Living in September 2025. The company has not issued any indicators confirming attribution.

What was breached

DataBreach.com parsing (distinct values):

• 409,300 unique emails
• 996,000 unique home addresses
• 576,000 unique phone numbers
• 32,700 unique Social Security numbers

Distinct counts may overlap across individuals.
Official totals may differ if and when company or regulator disclosures are posted.

Timeline

Sept 18-20, 2025: Legend Senior Living appears on leak-tracking feeds as a Worldleaks-listed victim