Massive Data Breach at Basic-Fit and Booking.com Exposes Millions of Customer Records

Severity: High (Score: 66.0)

Sources: www.vrt.be, www.nrc.nl

Summary

A significant data breach has occurred at Basic-Fit, affecting approximately 1 million customers across six countries, including the Netherlands, Belgium, France, Spain, Luxembourg, and Germany. The compromised data includes sensitive information such as names, addresses, email addresses, phone numbers, birth dates, and bank account details. Basic-Fit reported that the breach was detected and contained shortly after it began, but data from about 200,000 Dutch customers and 150,000 to 200,000 Belgian customers were already downloaded. The incident was reported to the Dutch Data Protection Authority within the legally required 72 hours. Concurrently, Booking.com has also experienced a security incident, where unauthorized access to customer booking information has been detected, although the extent of the impact remains unclear. Both companies are currently investigating the breaches and have taken steps to secure their systems. No identities or passwords were reported stolen in the Basic-Fit breach. Key Points: • Basic-Fit data breach affects 1 million customers across six countries. • Sensitive customer information, including bank details, has been compromised. • Booking.com also reports unauthorized access to customer booking data.

Key Entities

• Data Breach (attack_type)
• Phishing (attack_type)
• Basic-Fit (company)
• Booking.com (company)
• België (country)
• Duitsland (country)
• Frankrijk (country)
• Luxemburg (country)
• Nederland (country)
• T1041 - Exfiltration Over C2 Channel (mitre_attack)
• T1566 - Phishing (mitre_attack)