Legend Senior Living 2025 Data Breach

Legend Senior Living Assisted Living Operator Breach (2025): 996K Resident & Staff Records Including SSN Exposed via Ransomware | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

WorldLeaksRansomware / ExtortionMedicalSenior CareEmail AddressPhone NumberPhysical AddressSocial Security Number
High SeverityWebsite / service breach

Legend Senior Living Assisted Living Operator Breach (2025): 996K Resident & Staff Records Including SSN Exposed via Ransomware

Senior housing and assisted living operator.

Verified by ObscureIQ Intelligence
69/100Breach Risk Index
30Data Value
40Market Recency
237dSince Breach

Breach Intelligence Summary

Entity: Legend Senior Living · Actor: WorldLeaks · Sources: 2 references
Attack: Ransomware / Extortion
Profile: Company · Senior housing and care services · Residential care network · USA
Timeline: Breach (2025-07-27) · Indexed (Nov 13, 2025) · Year (2025)
Exposure: 996K records (parse); official total undisclosed records · 4 fields: Email Address, Phone Number, Physical Address, Social Security Number
Status: Confirmed

Executive Summary

Legend Senior Living, a Wichita-based senior-living operator, was accessed by an unauthorized actor between about July 27 and August 15, 2025; the WorldLeaks extortion group posted a leak claim on September 18, 2025. A DataBreach.com parse of the leaked data found roughly 409,300 emails, 996,000 home addresses, 576,000 phone numbers, and 32,700 Social Security numbers (distinct values that overlap across individuals). Legend's official notifications (April 10, 2026) reported exposure of names, addresses, SSNs, driver's licenses, government IDs/passports, financial account information, and medical/health-insurance data. State filings disclosed only small subsets (e.g., 5,006 Texas residents; 12 MA; 6 ME; 4 NH) and the national total remains undisclosed; the 996,013 figure is a raw address-parse count and likely overstates distinct affected individuals.

ObscureIQ assessment: Extremely sensitive. Exposure can enable identity theft, medical fraud, and exploitation of elderly residents and their families. Senior-care context also signals vulnerability and dependency.

Breach Impact

Because the records tie individuals to an elder-care operator, exposure signals a vulnerable, dependency-prone population that fraudsters actively target. Confirmed circulating identifiers (names, addresses, phones, Social Security numbers) create identity-theft and elder-scam risk; Legend’s notification additionally reported driver’s licenses, passports/government IDs, financial account information, and medical/health-insurance data, which would sharply increase medical- and financial-fraud risk if in the full dump. The breach also affects residents’ families and staff.

About Legend Senior Living

Legend Senior Living is a U.S. senior-housing and assisted-living operator headquartered in Wichita, Kansas, operating residential-care communities across Colorado, Florida, Kansas, Missouri, Oklahoma, Pennsylvania, and Texas. It maintains resident identity, health and care, billing, and family/guardian records along with employee data.

Why They Hold Your Data

Senior-living providers collect resident identity, contact, health and care records, billing information, family or guardian details, and operational records across residential-care workflows.

Recent Developments

An unauthorized actor accessed Legend servers between roughly July 27 and August 15, 2025; the WorldLeaks extortion group posted a claim on September 18, 2025. Legend preliminarily completed its file review on March 12, 2026 and began notifying affected individuals on April 10, 2026, offering credit monitoring through Cyberscout (a TransUnion company). Multiple class-action investigations followed.

Data Points Exposed

4 verified field types
Email Address
Phone Number
Physical Address High
Social Security Number Critical

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • Elder-targeted scams, coercion, and financial exploitation using resident identity and contact data
  • Identity theft and synthetic identity construction using SSN
  • Doxxing and physical targeting from exposed home addresses
  • SIM swap and vishing attacks where phone numbers are present
  • Potential medical- and financial-fraud if reported ID/financial/health data is in the dump
  • Family/guardian-directed social engineering
Threat vectors:
  • Elder-targeted fraud & financial exploitation
  • Full identity theft & synthetic identity fraud
  • Home targeting, stalking & physical threat
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Family/guardian-directed social engineering
  • Medical & financial fraud (if reported data circulating)

Threat Actor: WorldLeaks

WorldLeaks
Ransomware / Extortion

Attribution and method are based on available breach intelligence. Reported attack vector: Ransomware / Extortion.

Recommended Actions

If you believe your information may be included:

Protect Your ID Documents
Government-ID exposure enables document fraud — monitor and report misuse.
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the Legend Senior Living breach?

Legend Senior Living, a Wichita-based senior-living operator, was accessed by an unauthorized actor between about July 27 and August 15, 2025; the WorldLeaks extortion group posted a leak claim on September 18, 2025. A DataBreach.com parse of the leaked data found roughly 409,300 emails, 996,000…

What data was exposed?

Verified fields include Email Address, Phone Number, Physical Address, Social Security Number.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation