Basic-Fit Data Breach Exposes Sensitive Information of 1 Million Members

Severity: High (Score: 66.0)

Sources: Cybersecuritynews, www.franceinfo.fr, Gbhackers, www.liberation.fr, Thecyberexpress

Summary

Basic-Fit, Europe's largest gym chain, has confirmed a significant data breach affecting approximately 1 million members across multiple countries, with around 200,000 members in the Netherlands alone impacted. The breach involved unauthorized access to the system that records member visits, leading to the exposure of names, addresses, email addresses, phone numbers, dates of birth, and bank account details. No passwords or identity documents were accessed. The attack was detected on April 8, 2026, and was stopped shortly after its discovery. Basic-Fit has notified the Dutch Data Protection Authority and is working with cybersecurity experts to assess the situation. Affected members have been warned to monitor their accounts closely and be vigilant against phishing attempts. The company has not disclosed the identity of the attackers or the method of the breach. Currently, there is no evidence that the stolen data has been made public. Key Points: • Approximately 1 million members affected, including 200,000 in the Netherlands. • Sensitive data exposed includes bank details, names, and contact information. • Basic-Fit has reported the breach to authorities and is monitoring for data misuse.

Key Entities

• Data Breach (attack_type)
• Phishing (attack_type)
• Basic-Fit (company)
• ChipSoft (company)
• Clever Fit (company)
• MyFitnessPal (company)
• Odido (company)
• Austria (country)
• Belgium (country)
• France (country)
• Germany (country)
• Luxembourg (country)
• basic-fit.com (domain)
• Healthcare (industry)
• T1041 - Exfiltration Over C2 Channel (mitre_attack)
• T1566 - Phishing (mitre_attack)