Basic-Fit breach exposes data of 1 million European gym members

Basic-Fit, Europe’s largest gym chain with 1,700+ clubs across 12 countries, disclosed a breach affecting roughly 1 million members across the Netherlands, Belgium, Luxembourg, France, Spain, and Germany. Attackers reached the system tracking member club visits and exfiltrated names, addresses, emails, phone numbers, dates of birth, bank account details, and other membership information before being cut off. Identification documents and account passwords were not accessed, and franchise customer data sits on a separate system that was untouched.

The company says monitoring caught the intrusion within minutes and that no leaked data has surfaced online so far. Dutch authorities have been notified, affected members contacted directly, and external security experts retained for ongoing monitoring. With bank details in the stolen set, downstream fraud and targeted phishing against a verified million-member list are the obvious follow-on risks, regardless of whether the dump ever appears publicly.