Gym operator Basic‑Fit hacked
Gym chain Basic‑Fit suffered a data breach that reportedly exposed about one million members’ personal details, including banking information. (economictimes.indiatimes.com).
Basic-Fit says hackers accessed personal and banking data tied to about 1 million gym members across Europe. (corporate.basic-fit.com) The company said about 200,000 affected members are in the Netherlands, and Reuters reported the wider breach spans several countries where Basic-Fit operates. (finance.yahoo.com) Reports in Belgium said the stolen records include names, home addresses, email addresses, phone numbers, dates of birth and bank details, with Belgian customers also affected. (vrt.be) Basic-Fit said the intruders got into the system that records members’ visits to clubs, not a password vault or an identity-document archive. The company said no passwords or copies of identity documents were accessed. (theregister.com) That distinction shapes the immediate risk: criminals who have names, contact details, birth dates and bank account numbers can craft convincing phishing messages without needing a login. The company warned affected members to watch for suspicious emails. (yahoo.com) Basic-Fit said its monitoring systems detected the unauthorized access and stopped it within minutes, but by then data had already been downloaded. The company said it had notified the relevant data protection authority within the 72-hour reporting window required in Europe. (vrt.be) The breach hits a company that has been expanding fast. Basic-Fit reported 4.82 million memberships at the end of 2025, and about 5.8 million memberships including Clever Fit after its 2025 acquisition. (corporate.basic-fit.com) Basic-Fit said the Clever Fit business and its franchise network were not affected because they run on separate systems. That limits the incident to part of the group’s larger gym estate, but still leaves a large pool of exposed member records. (finance.yahoo.com) The company said it is still trying to determine who was behind the intrusion and how they got in. For members who received an alert, the next step is less about resetting a password than checking bank activity and treating unsolicited messages as suspect. (dutchnews.nl)
