Hack at Dutch gym chain Basic-Fit exposes customer data in several EU countries

Steven

Hack at Dutch gym chain Basic-Fit exposes customer data in several EU countries

Summary

Unknown attackers breached the systems of Basic-Fit, a major European gym chain, and downloaded personal data for around 1 million members across multiple EU countries. The company says the stolen data includes names, addresses, phone numbers, email addresses, dates of birth, bank details and membership information (subscription numbers/types and recent visits). Passwords and identity documents were not accessed, according to Basic-Fit. The intrusion was detected and stopped within minutes, but some data had already been downloaded. The company has reported the incident to the Dutch Data Protection Authority and notified affected members, advising vigilance against phishing.

Key Points

  • Approximately 1 million members across Belgium, the Netherlands, Luxembourg, France, Spain and Germany were affected; about 200,000 of those are in the Netherlands.
  • Compromised fields reportedly include names, contact details, dates of birth, bank details and membership records; passwords and identity documents were not accessed.
  • Basic-Fit detected and halted the intrusion within minutes but confirmed data had been downloaded prior to containment.
  • The company has notified affected members by email, reported the breach to Dutch regulators and launched an investigation into the cause and perpetrators.
  • Basic-Fit operates more than 2,150 gyms in 12 countries and serves roughly 5 million members, making this a large-scale consumer data incident.

Content Summary

Basic-Fit confirmed an unauthorised download of member data from a central system that aggregates information across several countries. The firm emphasises that passwords and identity documents appear unaffected and that there is no current evidence of misuse, but it has warned members to watch for phishing. Local media reported the scale of the leak and social-media posts from members in Spain, France and the Netherlands show customers receiving notification emails. Regulators have been informed and an internal investigation is underway.

Context and Relevance

This breach sits within a sustained trend of attacks targeting centralised customer databases — especially for organisations with cross-border operations. For security teams and privacy officers, it underlines the risk of a single compromise exposing data across multiple jurisdictions and the importance of rapid detection, segmented storage and clear incident communication. For members, it raises tangible phishing and financial-fraud risks given the exposure of contact and bank details.

Why should I read this?

Because if you or your customers use big chains, this is exactly the sort of mess that can land in your inbox and wallet. It’s a quick heads-up about potential phishing and fraud, and a reminder to check your bank statements and be suspicious of unexpected emails or calls claiming to be from Basic-Fit.

Author style

Punchy: this is a large, cross-border breach — not a minor blip. Read the details if you manage customer data, handle incident response or want to understand likely follow-up risks (phishing, fraud, regulator inquiries). If you’re just a member, skim the key points and act on the advice to monitor accounts and ignore suspicious contact.

Source

Source: https://therecord.media/dutch-gym-chain-basic-fit-hit-by-hackers