- Cyberattack exposed names, emails and bank details of 1m users.
- Subscription services become prime targets for identity and payment data theft.
What happened
Basic-Fit, one of Europe’s largest gym chains, said it had suffered a cyberattack affecting approximately one million members across its systems, including around 200,000 in the Netherlands.
The company said the breach involved unauthorised access to member data, exposing sensitive personal and financial information. The compromised data included names, email addresses, phone numbers and bank account details. Basic-Fit emphasised that passwords were not accessed, and it does not store copies of official identity documents.
The breach was detected through internal monitoring systems, and the unauthorised access was contained shortly after detection, according to the company. Affected members have been notified.
Basic-Fit operates across multiple European countries, and the incident reflects the risks inherent in managing large, centralised membership databases spanning multiple jurisdictions.
Why it’s important
The scale of the breach-impacting around one million users across Europe-has sharpened concerns about personal data security in consumer-facing digital platforms.
Even in the absence of password exposure, the leakage of bank account information and personal identifiers creates a heightened risk of downstream fraud, including phishing and financial scams. This illustrates that data sensitivity-not just account access credentials-is now central to cybersecurity risk.
More broadly, the incident adds to a growing pattern in which subscription-based services-ranging from fitness to streaming and fintech-are becoming prime targets due to their concentration of identity and payment data.
For regulators and industry players alike, the breach is likely to reinforce pressure around data protection standards, breach response transparency, and system architecture design, particularly in Europe where data governance expectations are already stringent.
Also read: North Korea-linked hack hits core internet software supply chain
