Basic-Fit has confirmed a data breach affecting approximately 200,000 members in the Netherlands alone, with additional impact across multiple countries where the fitness chain operates.
The breach involved unauthorized access to a system tracking member visits to fitness clubs, which contains data from Belgium, France, Spain, Luxembourg and Germany, in addition to the Netherlands.
According to Basic-Fit, the compromised data includes membership information, names and addresses, email addresses, phone numbers, dates of birth, and bank account details, though no passwords or identification documents were accessed.
The company stated that the breach was detected by its internal monitoring systems and stopped within minutes, though a significant amount of data had already been downloaded before the intrusion was halted.
Basic-Fit has notified the Dutch Data Protection Authority of the unauthorized access and confirmed that, as of the statement, there is no evidence the data has been misused or shared online, though monitoring remains ongoing.
This incident follows a pattern of recent cyberattacks targeting Dutch companies, including mobile, fiber-optic, and TV provider Odido and healthcare provider Chipsoft, which were also targeted by hackers in recent weeks.
The fitness chain emphasized that while the breach does not involve compromised passwords or ID documents, the exposure of personal and financial details still poses risks for phishing attempts and targeted scams, as such data can be combined with other leaked information for fraudulent purposes weeks or months after the initial breach.
Basic-Fit has confirmed a data breach affecting approximately 200,000 members in the Netherlands alone, with additional impact across multiple countries where the fitness chain operates.
The breach involved unauthorized access to a system tracking member visits to fitness clubs, which contains data from Belgium, France, Spain, Luxembourg, and Germany, in addition to the Netherlands.
According to Basic-Fit, the compromised data includes membership information, names and addresses, email addresses, phone numbers, dates of birth, and bank account details, though no passwords or identification documents were accessed.
The company stated that the breach was detected by its internal monitoring systems and stopped within minutes, though a significant amount of data had already been downloaded before the intrusion was halted.
Basic-Fit has notified the Dutch Data Protection Authority of the unauthorized access and confirmed that, as of the statement, there is no evidence the data has been misused or shared online, though monitoring remains ongoing.
This incident follows a pattern of recent cyberattacks targeting Dutch companies, including mobile, fiber-optic, and TV provider Odido and healthcare provider Chipsoft, which were also targeted by hackers in recent weeks.
The fitness chain emphasized that while the breach does not involve compromised passwords or ID documents, the exposure of personal and financial details still poses risks for phishing attempts and targeted scams, as such data can be combined with other leaked information for fraudulent purposes weeks or months after the initial breach.
