Hackers breached the systems of Dutch fitness giant Basic-Fit, gaining unauthorized access to the personal information of roughly one million members across Europe.
The breach targeted a system used to record member visits to Basic-Fit clubs. The company operates over 1,700 clubs and 430 franchises throughout the Netherlands, Belgium, France, Spain, and Germany.
Basic-Fit stated in a website disclosure that its monitoring processes detected the unauthorized access and halted it within minutes of discovery. However, an investigation involving external security experts confirmed that attackers successfully exfiltrated member data.
Compromised member details
The stolen information includes full names, physical addresses, email addresses, phone numbers, and dates of birth. The breach also exposed bank account details and other membership-related information.
While the company's public disclosure initially specified 200,000 affected individuals in the Netherlands, a Basic-Fit spokesperson told BleepingComputer the total number of impacted members spans the Netherlands, Belgium, Luxembourg, France, Spain, and Germany, totaling around one million.
Basic-Fit noted that customer data stored on separate systems at its various franchises remained unaffected by the incident. The company also confirmed that no account passwords or identification documents were accessed during the attack.
"Today, Basic-Fit has notified the relevant data protection authority concerning unauthorized access to the system that records members’ visits to Basic-Fit clubs," the company wrote in its official notification.
Impacted members have been notified directly by the company. Basic-Fit stated that its investigation has not yet found evidence that the stolen data has been leaked online, though it continues to monitor the situation with external experts.
