Basic-Fit data breach exposes personal information of 1 million customers

Bleeping Computer reports that Dutch fitness giant Basic-Fit has announced a significant data breach affecting approximately one million of its customers. The incident involved unauthorized access to systems that record member visits, leading to the potential exposure of sensitive personal data.

The breach, detected and stopped within minutes by Basic-Fit's system monitoring, allowed attackers to exfiltrate data including full names, physical addresses, email addresses, phone numbers, dates of birth, and bank account details. While franchise data was not affected due to separate storage, the incident impacts members across the Netherlands, Belgium, Luxembourg, France, Spain, and Germany. Basic-Fit operates over 1,700 clubs and over 430 franchises in 12 countries, serving around five million members in total. Importantly, no identification documents or account passwords were compromised.

As Basic-Fit is subject to the European Union's data retention laws, personal data is automatically deleted after two years. The company is continuing to monitor for any signs of data leakage online with external security experts.

Source: Bleeping Computer