Dutch fitness giant Basic-Fit disclosed a cyberattack that exposed personal data of around one million club members across several European countries. The company says the intrusion was detected and stopped within minutes, affected members and the relevant data protection authority were notified, and no identification documents or passwords were accessed. #BasicFit #MyBasicFitApp
Keypoints
- About 1 million Basic-Fit members in the Netherlands, Belgium, Luxembourg, France, Spain, and Germany were impacted.
- Exfiltrated data included full names, physical addresses, email addresses, phone numbers, dates of birth, bank account details, and membership information.
- The unauthorized access was detected by monitoring systems and stopped within minutes, and affected members were notified directly.
- No identification documents or account passwords were accessed, and franchise customer data stored on a separate system was not exposed.
- Basic-Fit is working with external security experts, continues monitoring for leaks, and is bound by EU data retention rules that require deletion after two years.