Basic-Fit Data Breach Exposes Personal and Financial Data of 1 Million Members

Severity: High (Score: 60.0)

Sources: Theregister, corporate.basic-fit.com, Cybersecuritynews, Thenextweb, Vrt.Be

Summary

Basic-Fit, Europe's largest budget fitness chain, has confirmed a data breach affecting approximately 1 million members across multiple countries, with around 200,000 members in the Netherlands alone impacted. The breach involved unauthorized access to the system that records member visits, exposing names, addresses, email addresses, phone numbers, dates of birth, and bank account details. Basic-Fit reported that no passwords or identity documents were accessed during the incident. The company has notified the Dutch Data Protection Authority and is conducting an investigation with external specialists. Members have been advised to monitor their accounts for suspicious activity and be vigilant against phishing attempts. The breach follows a significant data breach at telecom operator Odido, indicating a troubling trend in data security in the Netherlands. Basic-Fit operates over 2,150 gyms across 12 countries, serving a total of approximately 5.8 million members. Key Points: • Data breach affects approximately 1 million members, with 200,000 in the Netherlands. • Exposed data includes personal and financial information, but not passwords or identity documents. • Basic-Fit is investigating the breach and has alerted affected members to potential phishing risks.

Key Entities

• Data Breach (attack_type)
• Basic-Fit (company)
• Clever Fit (company)
• Odido (company)
• Booking.com (company)
• Austria (country)
• Belgium (country)
• France (country)
• Germany (country)
• Luxembourg (country)
• T1041 - Exfiltration Over C2 Channel (mitre_attack)
• T1566 - Phishing (mitre_attack)