European fitness chain Basic-Fit has confirmed a significant data breach after hackers gained unauthorized access to one of its internal systems, exposing personal information belonging to members across multiple European countries. The company said the breach involved a centralized system used to record member visits to its clubs and may have affected nearly one million users, including approximately 200,000 members in the Netherlands.
Unauthorized Access Detected Through Internal Monitoring
According to Basic-Fit, the breach was identified through the company’s internal monitoring systems, which detected suspicious activity and stopped the unauthorized access within minutes. The company stated that the relevant data protection authority has been notified in accordance with regulatory requirements.
In its official statement, Basic-Fit said: “Today, Basic-Fit has notified the relevant data protection authority concerning unauthorized access to the system that records members’ visits to Basic-Fit clubs.” The company further noted that affected members have been informed directly.
FCRF Returns With CDPO, Its Premier Data Protection Certification for Privacy Professionals
Personal and Financial Data Downloaded
Following an investigation conducted with external cybersecurity specialists, Basic-Fit confirmed that some data stored in the compromised system had been downloaded by the attackers.
The exposed information includes:
- Membership information
- Names and addresses
- Email addresses
- Phone numbers
- Dates of birth
- Bank account details
However, the company clarified that it does not store members’ identification documents and that no passwords were accessed during the breach.
Breach Extends Beyond Netherlands
While Basic-Fit initially disclosed that 200,000 Dutch members were affected, later reports indicated that the total number of impacted individuals could reach one million across six European countries. The affected regions reportedly include the Netherlands, Belgium, Luxembourg, France, Spain, and Germany.
The breach reportedly targeted a centralized database used for storing member data from multiple countries, increasing the scale of exposure beyond a single market.
No Evidence Yet of Misuse, Investigation Ongoing
Basic-Fit stated that there is currently no indication the stolen data has been publicly leaked or misused. In its statement, the company said: “The investigation so far has not shown the data being available anywhere or having been misused.”
Despite that assurance, the company acknowledged that it continues to work with external experts to monitor the situation and determine the full scope of the incident. Cybersecurity analysts note that breaches involving financial and personal data can increase risks of phishing, fraud, and identity theft even if leaked data has not yet surfaced publicly.
