Basic-Fit Hack Exposes Personal and Banking Data of 200,000 Members
Hackers gained access to the fitness chain's member visit registration system in an international cyberattack. Names, addresses, bank account numbers and membership details were downloaded before the intrusion was stopped.
Fitness chain Basic-Fit has been hit by a large-scale cyberattack affecting members across multiple countries. In the Netherlands, the personal and financial data of around 200,000 members has been stolen, the company confirmed on Monday.
Rentals in the Netherlands
Signaal tracks the Dutch rental market and notifies you the moment something matches your search. Be first to apply.
The stolen data includes membership information such as subscription number, type of membership, payment status and which gyms a member visited in the past week, along with names, addresses, email addresses, phone numbers, dates of birth and bank account numbers. Basic-Fit does not store identity documents, so none were taken, and the hackers did not gain access to passwords.
In total, one million members of the chain across multiple countries were affected. Basic-Fit operates in twelve countries, has around five million members and more than 2,150 gyms across Europe.
How it happened
The hackers gained unauthorised access to the system that registers members' gym visits. The intrusion was detected by the company's own monitoring systems and stopped within minutes of discovery.
However, external security experts established that a significant volume of data was downloaded in that short window. Basic-Fit says there is no evidence so far that the stolen data has been published online or is being misused.
What Basic-Fit is doing
Basic-Fit has notified the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) and is working with external security specialists to further investigate the incident and continue monitoring. Affected members have been notified by email.
What affected members should watch out for
Basic-Fit says affected members do not need to take immediate action, but urges them to stay alert. With the stolen data, criminals can compose highly convincing phishing emails posing as trusted organisations such as Basic-Fit itself. The company warns members never to respond to requests for passwords, other sensitive information or money transfers prompted by such messages.
Members are advised to check their bank statements for suspicious transactions, be cautious about sharing personal or banking details, and report anything suspicious to both Basic-Fit and their bank.
