Skip to content
Data breachContained

Basic-Fit: 1 million customers affected, banking details exposed after a cyberattack

In April 2026, gym chain Basic-Fit disclosed that attackers breached its member check-in system, exposing the personal and banking details of roughly 1 million members across France, Belgium, Germany, Spain, Luxembourg and the Netherlands.

Victim
Basic-Fit
records
1.0M

On 13 April 2026, Basic-Fit — Europe's largest low-cost gym chain, headquartered in the Netherlands — disclosed a cyberattack that exposed the personal and financial data of approximately 1 million members. The intrusion involved unauthorized access to the internal system that records members' check-ins at Basic-Fit clubs.

The breach affected members across six countries where the chain operates: France, Belgium, Germany, Spain, Luxembourg and the Netherlands. According to the company, attackers were able to download a combination of identity, contact and banking information from the compromised system.

The exposed data included:

  • Subscription/membership information
  • Full names and postal addresses
  • Email addresses and phone numbers
  • Dates of birth
  • Banking details (IBAN)

Basic-Fit stated that no passwords were compromised and that it does not retain copies of identity documents. The company notified affected members and warned them of an elevated risk of fraud and identity theft, since the combination of an IBAN with a name and address can be used to set up fraudulent SEPA direct-debit mandates. Authorities were notified of the incident and access to the affected system was cut off.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/basic-fit-1-million-de-clients-touches-des-coordonnees-bancaires-exposees-apres-une-cyberattaque/
  2. cnews.frhttps://www.cnews.fr/france/2026-04-14/basic-fit-pirate-1-million-de-membres-touches-quelles-sont-les-informations-qui
  3. 24matins.frhttps://www.24matins.fr/une-cyberattaque-expose-les-donnees-bancaires-dun-million-de-clients-de-basic-fit-1405958

Related incidents

Data breachOngoing

Leak at La France Insoumise

In May 2026, France's La France Insoumise party had data from its Action Populaire activist platform stolen and posted on a hacking forum, exposing some 120,000 email addresses, 20,000 phone numbers, postal addresses and member activity spanning 2017-2026.

Victim
La France Insoumise