Gym giant Basic-Fit confirms data on a million members stolen in cyberattack

The breach

Basic-Fit, Europe’s largest gym chain, has confirmed that attackers stole personal information — including bank details — for around 1 million members after an intrusion into a system that logs club visits. The company says the unauthorized access was detected by monitoring systems and stopped within minutes, and that it has notified the relevant data protection authority. It has been reported that Basic-Fit only disclosed the full size of the incident after The Register pressed the company for figures.

Who was affected

Members in six countries were hit: the Netherlands, Belgium, Luxembourg, France, Spain and Germany, with about 200,000 of those in the Netherlands alone, the company told reporters. Stolen fields include names, home and email addresses, phone numbers, dates of birth and bank details; passwords were not accessed and Basic-Fit says it does not store copies of identity documents. Across its Basic-Fit and Clever Fit brands the group has roughly 5.8 million registered members, so this is a significant slice of its customer base.

What to do next

Basic-Fit has told customers to watch for phishing and to verify suspicious communications through official channels; it is working with external specialists to investigate how the attackers gained access. For members, the immediate worry is financial fraud and nuisance scams — a bank call you didn’t see coming is a very different kind of workout. The company says it is not aware of any data being posted or sold online but is continuing to monitor the situation.

Sources: The Register