What did Basic-Fit hack expose?

Basic-Fit confirms data theft affecting about a million members

Basic-Fit, the European gym chain, confirmed a cyberattack in which data for roughly a million members was stolen. The company said names, addresses, dates of birth, and bank details were accessed, while passwords were not.

The breach is notable for two reasons: the breadth of personal and financial data involved, and the cross-border nature of the incident. A related update says multiple countries were affected, including about 200,000 people in the Netherlands.

What was accessed

Basic-Fit reported the attackers obtained:

• Identity and contact info (names, addresses)
• Personal details (dates of birth)
• Financial account information (bank details)

Passwords and identity documents were not accessed, according to the reporting.

Why it matters

Even without passwords, exposed bank details can enable fraud or account-related attacks, and identity information can be used for phishing, account takeover attempts, or identity theft. Large consumer data breaches like this can also raise pressure on affected customers to review account activity and adjust security settings.

What’s still unclear

The stories provided do not specify which systems were compromised, what method the attackers used, or whether the stolen data has already been sold or used. Customers and regulators typically learn those details over time as investigations progress.

For gym members, the practical takeaway is that personal and financial data exposure—not just credentials—can still create long-lasting risk after a breach.