European fitness giant Basic-Fit has confirmed a data breach involving unauthorized access to a central system that stores member information across multiple countries. The company disclosed the Basic-Fit data breach incident in a statement released on Monday.

In the official statement, company informed that unknown hackers breached its systems and downloaded personal data belonging to members.

“Today, Basic – Fit has notified the relevant data protection authority concerning unauthorized access to the system that records members’ visits to Basic -Fit clubs,” reads the statement released by European fitness giant Basic-Fit.

Basic-Fit Data Breach Detected and Contained Quickly

According to the company, the Basic-Fit data breach was identified through internal system monitoring processes. The unauthorized access was detected and stopped within minutes of discovery. Basic-Fit confirmed that it has notified the relevant data protection authority regarding the incident and has informed members whose data may have been affected.

An investigation conducted with the support of external security experts revealed that some of the stored data had been downloaded during the breach.

The company emphasized that it is continuing to monitor the situation closely with external specialists.

What Data Was Exposed in the Basic-Fit Data Breach

The Basic-Fit data breach involves sensitive personal information of active members across several countries. “The downloaded data concerns active members in several countries,” the company said.

In the Netherlands alone, approximately 200,000 members have been impacted.

The compromised data includes:

• Membership information
• Names and addresses
• Email addresses
• Phone numbers
• Dates of birth
• Bank account details

Basic-Fit clarified that it does not store identification documents of members and that no passwords were accessed during the breach.

The company further noted that, based on current findings, there is no indication that the exposed data has been made publicly available or misused.

“The investigation so far has not shown the data being available anywhere or having been misused. Together with external specialists, Basic – Fit continues to monitor the issue closely,” the release stated.

Centralized System Targeted

Dutch media reports indicate that the Basic-Fit data breach targeted a centralized system used to store member data from multiple countries. This system serves as a core repository for the company’s international operations.

The scale of the incident extends beyond the Netherlands. Reports suggest that up to 1 million members out of Basic-Fit’s total 5.8 million memberships may have been affected across different regions. The Basic-Fit data breach is believed to have occurred recently, although an exact timeline has not been disclosed.

As per regulatory requirements, the company reported the incident to the Dutch Data Protection Authority within 72 hours of identifying the breach.

Basic-Fit’s Ongoing Response

Basic-Fit claims to be the largest fitness operator and franchisor in Europe, operating in 12 countries through two brands. With more than 2,150 clubs and over 5.8 million members, the company provides fitness services at scale across the continent.

In its statement, Basic-Fit reiterated that members could continue using its facilities while the company manages the fallout of the Basic-Fit data breach. The organization maintains that it is taking the incident seriously and working with cybersecurity experts to assess the full impact.

The Cyber Express has reached out to Basic-Fit to obtain further details about the Basic-Fit data breach, including potential mitigation steps and long-term security improvements. However, as of the time of publication, no response has been received from the company.

This remains a developing story.

Further updates are expected as the investigation progresses, and more information becomes available regarding the scope and implications of the Basic-Fit data breach.