Personal data of 1 million gym members compromised in Basic-Fit security incident

Basic-Fit, Europe's largest gym chain, confirmed a significant data breach affecting approximately one million members across multiple countries. Unauthorized actors gained access to company systems, exfiltrating personal identifiable information and financial data, including names, addresses, contact details, birth dates, and bank account numbers. While passwords and identification documents remain secure, the exposure of bank details elevates the risk of financial fraud. The intrusion was detected and halted within minutes, and no current evidence suggests data misuse. External security experts are assisting in the investigation and monitoring for potential misuse. Affected users have been notified, and relevant data protection authorities informed. This incident highlights the ongoing risk of unauthorized access to customer databases containing sensitive financial information, necessitating robust monitoring and access controls to mitigate future breaches and protect consumer trust.

A breach at Basic-Fit exposed data of 1M members, including names, birth dates and bank details after unauthorized access. Basic-Fit, Europe’s largest gym chain, has disclosed a data breach affecting around 1 million members. Hackers gained unauthorized access to the company systems and stole personal. The gym chain said it recently detected the intrusion and […]

Basic-Fit, Europe's largest gym chain, confirmed a significant data breach affecting approximately one million members across multiple countries. Unauthorized actors gained access to company systems, exfiltrating personal identifiable information and financial data, including names, addresses, contact details, birth dates, and bank account numbers. While passwords and identification documents remain secure, the exposure of bank details elevates the risk of financial fraud. The intrusion was detected and halted within minutes, and no current evidence suggests data misuse. External security experts are assisting in the investigation and monitoring for potential misuse. Affected users have been notified, and relevant data protection authorities informed. This incident highlights the ongoing risk of unauthorized access to customer databases containing sensitive financial information, necessitating robust monitoring and access controls to mitigate future breaches and protect consumer trust. A breach at Basic-Fit exposed data of 1M members, including names, birth dates and bank details after unauthorized access. Basic-Fit, Europe’s largest gym chain, has disclosed a data breach affecting around 1 million members. Hackers gained unauthorized access to the company systems and stole personal. The gym chain said it recently detected the intrusion and […] A breach at Basic-Fit exposed data of 1M members, including names, birth dates and bank details after unauthorized access. Basic-Fit, Europe’s largest gym chain, has disclosed a data breach affecting around 1 million members. Hackers gained unauthorized access to the company systems and stole personal. The gym chain said it recently detected the intrusion and is investigating the incident while notifying affected users and working to contain the impact. “Today, Basic-Fit has notified the relevant data protection authority concerning unauthorized access to the system that records members’ visits to Basic-Fit clubs.” reads the press release published by the company. “The unauthorised access was detected by our system monitoring processes and was stopped within minutes of discovery. The members whose data is involved have been informed.” External experts found that intruders downloaded some data from Basic-Fit, affecting members in several countries, including about 200,000 in the Netherlands. Exposed data includes names, addresses, emails, phone numbers, birth dates and bank details. The company pointed out that no ID documents or passwords were accessed. There is no evidence of misuse so far, and the company is continuing to monitor the situation with external specialists. “An investigation conducted by external security experts has shown that some of the data stored in the system was downloaded. The downloaded data concerns active members in several countries. In the Netherlands, around 200.000 members are affected. The data concerns membership information, name and address details, email addresses, phone numbers, dates of birth and bank account details. Basic-Fit does not hold identification documents of members and no passwords were accessed.” continues the press release. “The investigation so far has not shown the data being available anywhere or having been misused. Together with external specialists, Basic-Fit continues to monitor the issue closely.” Basic-Fit is one of Europe’s largest fitness operators, with over 5 million members and more than 1,600 clubs across 6 countries. The company reported about €1.42 billion in revenue last year, driven by strong membership growth and continued expansion in key European markets. It’s unclear who carried out the attack, and at this time no ransomware group has claimed responsibility for the security breach. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Basic – Fit)