Gym chain data breach
Dutch gym chain Basic‑Fit reported a hack that exposed data for about 200,000 members, according to reports. The breach coverage lists stolen member records and raised questions about fitness‑industry data security (nltimes.nl).
Basic-Fit said hackers stole personal data from about 200,000 members in the Netherlands and roughly 1 million members across Europe. (reuters.com) (dutchnews.nl) The company said the breach involved active members in several countries and included names, addresses, email addresses, phone numbers, dates of birth, bank account details, and membership information. (reuters.com) (ad.nl) Basic-Fit said its monitoring systems detected the unauthorized access and stopped it within minutes, but the stolen data had already been downloaded. The company said it notified affected members and reported the incident to the Dutch Data Protection Authority. (theregister.com) (security.nl) The chain said no passwords were accessed, it does not store members’ identity documents, and no medical or health data was exposed. Basic-Fit told members the main immediate risk was phishing by email, text, or phone using the stolen personal details. (reuters.com) (ad.nl) The breach puts a spotlight on the kind of data gyms routinely hold to run recurring memberships: contact details, payment information, visit records, and account status. Basic-Fit told Dutch media the hacked system was the one that records members’ visits to clubs. (theregister.com) (nltimes.nl) That matters in Europe because companies that suffer a personal-data breach must notify regulators quickly under the General Data Protection Regulation, and Dutch media reported Basic-Fit made that notification within the required 72 hours. (ad.nl) (security.nl) Basic-Fit is one of Europe’s largest gym operators, with more than 2,150 clubs in 12 countries and millions of members, so a breach at one chain can spread across several national markets at once. Reports on April 13 and April 14 said members in at least six countries were affected. (nltimes.nl) (dutchnews.nl) Basic-Fit said it had no indication, as of Monday, April 13, that the leaked data had been misused. The next test is whether members start seeing targeted scams that use real names, birth dates, or bank details to look convincing. (nltimes.nl) (reuters.com)
