Basic-Fit, the largest gym operator in Europe, announced on Monday that a cyberattack resulted in the theft of personal data belonging to roughly one million of its members. The company confirmed that unauthorized parties accessed a centralized system used to track member visits to its clubs.
Impacted customers include members in the Netherlands, Belgium, France, Germany, Luxembourg, and Spain. The company initially disclosed the breach to affected users via email before confirming the total scope of the incident to press outlets.
Compromised personal and financial data
The stolen information includes names, home and email addresses, phone numbers, dates of birth, and bank account details. Basic-Fit clarified that while financial information was exposed, user passwords were not part of the stolen cache. The chain does not store copies of government-issued identity documents, which were reportedly spared in the incident.
"The unauthorized access was detected by our system monitoring processes and was stopped within minutes of discovery," the company stated in an official release. Basic-Fit further noted that it has already notified the relevant data protection authorities in the affected regions.
While the company has contacted those whose data was compromised, it maintains that it is not currently aware of the stolen information being leaked or sold online. Despite this, the gym chain has urged its members to remain vigilant against potential phishing attempts that may leverage the stolen contact information.
Basic-Fit operates more than 2,150 locations across 12 countries, serving approximately 5.8 million members under its Basic-Fit and Clever Fit brands. The breach specifically targeted a cross-border system that records club attendance, explaining why the theft affected multiple markets simultaneously.
A spokesperson for the company confirmed that an investigation into the breach is ongoing. "How they could access the system, who did it, and how is now part of the investigation that we are conducting with external specialists," the representative told reporters.
Basic-Fit continues to monitor the situation for any signs of the data appearing on the dark web or other public forums. The company has not yet provided a timeline for when their internal security audit will be completed.
