An unsecured database containing 600,000 records belonging to Town Sports International, a fitness chain was exposed on the web without a password or any other authentication.
The exposed information included names, contact info, billing histories, limited payment information, and other personal information.
It immediately took preventive measures to secure the database and informed the affected members.
TPRM report: https://scoringcyber.rankiteo.com/company/newyork-sports-clubs
"id": "tow11448422",
"linkid": "newyork-sports-clubs",
"type": "Breach",
"date": "09/2020",
"severity": "90",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '600,000',
'industry': 'Fitness',
'name': 'Town Sports International',
'type': 'Fitness Chain'}],
'attack_vector': 'Unsecured Database',
'data_breach': {'number_of_records_exposed': '600,000',
'personally_identifiable_information': True,
'type_of_data_compromised': ['names',
'contact info',
'billing histories',
'limited payment information',
'other personal information']},
'description': 'An unsecured database containing 600,000 records belonging to '
'Town Sports International, a fitness chain was exposed on the '
'web without a password or any other authentication.',
'impact': {'data_compromised': ['names',
'contact info',
'billing histories',
'limited payment information',
'other personal information']},
'response': {'communication_strategy': ['Informed affected members'],
'containment_measures': ['Secured the database']},
'title': 'Town Sports International Data Exposure Incident',
'type': 'Data Exposure',
'vulnerability_exploited': 'Lack of authentication controls'}