Basic-Fit Confirms Cyberattack Exposing Data of 1 Million Customers Across Europe
Europe’s largest gym chain, Basic-Fit, has disclosed a cyberattack resulting in the theft of sensitive customer data, including bank details, for approximately one million members. The breach, detected through system monitoring and contained within minutes, targeted a centralized system tracking gym visits across six countries: the Netherlands, Belgium, France, Germany, Luxembourg, and Spain.
The company confirmed that around 200,000 affected members are based in the Netherlands, with the remaining victims distributed across the other five nations. Stolen data includes names, home and email addresses, phone numbers, dates of birth, and bank details. Passwords and identity documents were not compromised, as Basic-Fit does not store such information.
Basic-Fit operates over 2,150 gyms under its Basic-Fit and Clever Fit brands, serving 5.8 million registered members across 12 European countries. While the company has not found evidence of the stolen data being leaked or sold online, it continues to monitor the situation and has warned customers to remain vigilant against potential phishing attempts.
An investigation, supported by external specialists, is underway to determine the attack’s origin and methodology. Basic-Fit has notified relevant data protection authorities and directly informed affected members.
Source: https://www.theregister.com/2026/04/13/basicfit_breach/
Basic-Fit cybersecurity rating report: https://www.rankiteo.com/company/basic-fit
"id": "BAS1776083386",
"linkid": "basic-fit",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '1,000,000',
'industry': 'Fitness',
'location': 'Europe (Netherlands, Belgium, France, '
'Germany, Luxembourg, Spain)',
'name': 'Basic-Fit',
'size': 'Over 2,150 gyms, 5.8 million registered '
'members',
'type': 'Gym Chain'}],
'customer_advisories': 'Warned customers to remain vigilant against potential '
'phishing attempts',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '1,000,000',
'personally_identifiable_information': 'Names, home and email '
'addresses, phone '
'numbers, dates of '
'birth, bank details',
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Personal and financial data'},
'description': 'Europe’s largest gym chain, Basic-Fit, has disclosed a '
'cyberattack resulting in the theft of sensitive customer '
'data, including bank details, for approximately one million '
'members. The breach targeted a centralized system tracking '
'gym visits across six countries: the Netherlands, Belgium, '
'France, Germany, Luxembourg, and Spain.',
'impact': {'data_compromised': 'Names, home and email addresses, phone '
'numbers, dates of birth, and bank details',
'identity_theft_risk': 'High',
'payment_information_risk': 'High',
'systems_affected': 'Centralized system tracking gym visits'},
'initial_access_broker': {'data_sold_on_dark_web': 'No evidence found'},
'investigation_status': 'Ongoing',
'references': [{'source': 'Basic-Fit Disclosure'}],
'regulatory_compliance': {'regulatory_notifications': 'Yes'},
'response': {'communication_strategy': 'Notified relevant data protection '
'authorities and directly informed '
'affected members',
'containment_measures': 'Contained within minutes',
'enhanced_monitoring': 'Yes',
'incident_response_plan_activated': 'Yes',
'third_party_assistance': 'External specialists'},
'title': 'Basic-Fit Cyberattack Exposing Data of 1 Million Customers',
'type': 'Data Breach'}