Basic-Fit targeted in cyberattack, data of 1M members exposed

Fitness franchise Basic-Fit has been hit by a cyberattack, exposing personal information of approximately one million members.

“Today, Basic-Fit has notified the relevant data protection authority concerning unauthorized access to the system that records members’ visits to Basic-Fit clubs,” the sporting chain says in a press release that was published on April 13th.

According to the fitness franchise, the unauthorized access was detected and stopped “within minutes” after discovery.

As soon as the data breach was detected, an investigation was launched into the matter by external security experts. This showed that personal information of active gym members was exfiltrated in several countries, including 200,000 members in the Netherlands.

A company spokesperson told Dutch news outlet NOS that over a million members have been targeted by the attackers.

The data that was stolen includes names, residential addresses, email addresses, phone numbers, dates of birth, membership information, and bank account details. “Basic-Fit does not hold identification documents of members and no passwords were accessed,” the fitness franchise reassures.

So far, the investigation has not shown any sign of data misuse. Basic-Fit promises to monitor the situation closely.

Affected gym members received an email asking them to reset their My Basic-Fit password. It also says that attempts have been made to log in to their accounts using credential stuffing.

Credential stuffing is an attack in which hackers use illegally obtained login credentials from large-scale data breaches at other companies to log in to various online services.

Attackers systematically check whether they can log in to a website by using login details from another website. However, this attack method only works if people reuse the same password for multiple online accounts, and if companies allow such automated attacks.

Basic-Fit calls itself the largest fitness operator and franchisor in Europe. The company operates in 12 countries, including Austria, Belgium, Croatia, the Czech Republic, France, Germany, Luxembourg, the Netherlands, Romania, Slovenia, Spain, and Switzerland.

The gym chain has more than 5.8 million members and 2,150 gyms.