A security breach at Basic‑Fit, Europe’s largest gym operator, has resulted in the exposure of personal data belonging to approximately one million members following unauthorized access to company systems.
Basic‑Fit confirmed that attackers gained access to internal systems and exfiltrated member information. The company stated it recently detected the intrusion, promptly blocked the unauthorized activity, and launched an investigation while notifying affected individuals and taking steps to limit the impact.
“Today, Basic‑Fit notified the relevant data protection authority about unauthorized access to the system that records member visits to Basic‑Fit clubs,” the company said in a public statement. “The unauthorized access was identified through our monitoring systems and was halted within minutes of detection. Members whose data may have been affected have been informed.”
An investigation conducted by external cybersecurity specialists determined that attackers downloaded certain datasets, impacting members across multiple countries. In the Netherlands alone, approximately 200,000 members were affected. Exposed information includes names, addresses, email addresses, phone numbers, dates of birth, and bank account details.
Basic‑Fit emphasized that it does not store identification documents and confirmed that no passwords were accessed during the incident. At this time, there is no evidence the stolen data has been published or misused, though monitoring efforts remain ongoing.
“External security experts have confirmed that some data stored in the affected system was downloaded,” the company continued. “The information relates to active members in several countries. The data includes membership details, contact information, dates of birth, and bank account numbers. Identification documents are not stored by Basic‑Fit, and no passwords were compromised. Our investigation has so far found no indication that the data has been misused or made publicly available.”
Basic‑Fit operates more than 1,600 fitness clubs across six countries and serves over 5 million members. The company reported approximately €1.42 billion in revenue last year, driven by strong membership growth and continued expansion throughout Europe.
The identity of the attackers remains unknown, and no ransomware group has publicly claimed responsibility for the breach.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
