Legend Senior Living Ransomware Attack and Data Leak
Learn More
Legend Senior Living, a senior care provider based in Wichita, Kansas, reports a data breach after a ransomware attack. The organization detected the incident on August 15, 2025, and subsequently notified state regulators and the U.S. Department of Health and Human Services.
The Worldleaks ransomware group claimed responsibility for the breach in September 2025. The attackers maintained access to the company's computer systems for nearly three weeks, from July 27, 2025, to August 15, 2025 and stole files containing sensitive personal and health information. After the company reportedly refused to pay the ransom, the Worldleaks group published the stolen data on their dark web leak site to pressure the organization.
The compromised data includes:
- Social Security numbers
- Medical information and health insurance details
- Financial account information
- Driver’s license and state identification numbers
- Passport information
- Full names
The number of affected individuals is 45,630
Legend Senior Living hired external forensic experts to investigate. The investigation completed on March 12, 2026.
The organization began mailing notification letters to affected residents and employees on April 10, 2026. The provider is offering 12 months of complimentary credit monitoring and identity theft protection services to the impacted individuals.
