Basic-Fit gym group data breach exposes details of over 1 million members — here's what we know

News
By published

Unknown attackers breach Basic-Fit systems and steal data

A gym athlete lifting a kettle bell off the floor, bathed in purple light
(Image credit: Getty Images / freemixer)
  • Basic‑Fit confirms breach affecting around 1 million customers across six countries
  • Stolen data includes names, contact details, DOB, and bank info
  • No passwords or IDs exposed, but phishing risk expected

Basic-Fit, one of the biggest gym chains in Europe, has confirmed losing sensitive data on approximately a million of its customers.

The company confirmed the news in a data breach notification email sent to affected individuals, as well as in a press release and statements given to the media.

“Today, Basic-Fit has notified the relevant data protection authority concerning unauthorized access to the system that records members’ visits to Basic-Fit clubs,” the press release reads. “The unauthorized access was detected by our system monitoring processes and was stopped within minutes of discovery."

Article continues below

Passwords are safe

While the announcement did not say how many people were involved, a spokesperson told The Register the affected customers live in all six countries where Basic-Fit operates: The Netherlands, Belgium, Luxembourg, France, Spain, and Germany.

“In total around 1 million members were involved," they told the publication. Of that number, around 200,000 are located in The Netherlands, apparently.

So far, no threat actors claimed responsibility for the attack. They stole people’s names, postal addresses, email addresses, phone numbers, dates of birth, and bank account details.

We don’t know what they mean by “bank account details”. Usually, companies only store the last four digits of a person’s credit card number on their server - full payment data is generally stored elsewhere.

“Basic-Fit does not hold identification documents of members and no passwords were accessed,” it concluded. So far, there is no evidence of the data being misused, but it’s safe to expect phishing emails being sent out in the coming weeks.

The company running Basic-Fit also owns Clever Fit, a German gym chain. Combined, the two have around 5.8 million registered members, according to The Register, and operate more than 2,150 budget-friendly gyms in 12 countries across Europe.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.