Fitness chain Basic-Fit has warned 200,000 of its Dutch customers about a data breach that exposed their personal information. The company discovered the unauthorized access itself and stopped it within minutes, but not before the data was downloaded.
Exposed Customer Data
The stolen data includes membership information, names, addresses, email addresses, phone numbers, dates of birth, and bank account details. Basic-Fit has informed all affected customers and reported the breach to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). The company stated that, to its knowledge, the stolen data has not yet been published or misused.
Unanswered Security Questions
Basic-Fit has not disclosed the technical details of how the system was compromised. The source material noted that the breach raises questions for both the company and its IT services provider, Simac, particularly regarding the absence of controls to prevent mass data downloads. This incident follows other recent high-profile breaches, such as the one at Booking.com.
Official Response and Next Steps
The Dutch Data Protection Authority is expected to investigate the breach. This incident adds to a growing list of cybersecurity challenges in the Netherlands, including the recent Ivanti hack at a Dutch custodial agency. Affected Basic-Fit customers should remain alert for potential phishing attempts or other fraudulent activities using their exposed information.
