Unauthorized data access at Basic-Fit impacts 1 million European gym members
Summary
Hide ▲
Show ▼
A cyber incident at Basic-Fit, Europe’s largest gym operator, resulted in unauthorized access to systems storing member visit records, affecting approximately 1 million individuals across six countries. The attacker exfiltrated personal and financial data, including full names, physical addresses, email addresses, phone numbers, dates of birth, and bank account details. The intrusion was detected and contained within minutes, but external experts confirmed data exfiltration occurred. Data stored by franchises was not exposed as it resides on a separate system. Basic-Fit operates 1,700+ clubs across 12 countries with over 5 million members, and the incident spans the Netherlands, Belgium, Luxembourg, France, Spain, and Germany.
Timeline
-
14.04.2026 00:50 1 articles · 9h ago
Unauthorized data access at Basic-Fit detected and contained within minutes, exfiltration confirmed by external investigators
Basic-Fit announced that unauthorized access to its member visit recording system was detected and contained within minutes via internal monitoring. An investigation with external security experts confirmed data exfiltration affecting approximately 1 million members across the Netherlands, Belgium, Luxembourg, France, Spain, and Germany.
Show sources
- European Gym giant Basic-Fit data breach affects 1 million members — www.bleepingcomputer.com — 14.04.2026 00:50
Information Snippets
-
Basic-Fit detected unauthorized access to its member visit recording system via internal monitoring processes and contained the intrusion within minutes of discovery.
First reported: 14.04.2026 00:501 source, 1 articleShow sources
- European Gym giant Basic-Fit data breach affects 1 million members — www.bleepingcomputer.com — 14.04.2026 00:50
-
Approximately 1 million Basic-Fit members across the Netherlands, Belgium, Luxembourg, France, Spain, and Germany had their personal and financial data accessed and exfiltrated in the incident.
First reported: 14.04.2026 00:501 source, 1 articleShow sources
- European Gym giant Basic-Fit data breach affects 1 million members — www.bleepingcomputer.com — 14.04.2026 00:50
-
Exfiltrated data includes full names, physical addresses, email addresses, phone numbers, dates of birth, bank account details, and other membership information.
First reported: 14.04.2026 00:501 source, 1 articleShow sources
- European Gym giant Basic-Fit data breach affects 1 million members — www.bleepingcomputer.com — 14.04.2026 00:50
-
Customer data at Basic-Fit franchises was not exposed as it is stored on a separate system.
First reported: 14.04.2026 00:501 source, 1 articleShow sources
- European Gym giant Basic-Fit data breach affects 1 million members — www.bleepingcomputer.com — 14.04.2026 00:50
-
No identification documents or account passwords were accessed during the incident.
First reported: 14.04.2026 00:501 source, 1 articleShow sources
- European Gym giant Basic-Fit data breach affects 1 million members — www.bleepingcomputer.com — 14.04.2026 00:50
-
Basic-Fit states that data is automatically deleted after two years under EU data retention laws; app data is removed two months after uninstallation or membership termination.
First reported: 14.04.2026 00:501 source, 1 articleShow sources
- European Gym giant Basic-Fit data breach affects 1 million members — www.bleepingcomputer.com — 14.04.2026 00:50