Skip to content
Data breachOngoing

400,000 members affected by a claimed data leak at KeepCool

On 20 February 2026, a threat actor put up for sale on BreachForums a database claimed to belong to French gym chain KeepCool, affecting some 400,000 members across 270 clubs and exposing names, emails, phone numbers and some IBANs.

Victim
KeepCool
records
400.0K

On 20 February 2026, KeepCool — one of France's largest gym chains, with more than 270 clubs — became the subject of a data-leak claim when a threat actor advertised a database of its members for sale on the cybercrime marketplace BreachForums. The actor claimed the batch covered roughly 400,000 members.

According to the sale listing, the stolen records contained contact and, in some cases, banking details for KeepCool members spread across the chain's network of clubs. Reported categories of exposed data include:

  • Full names (first and last name)
  • Email addresses
  • Phone numbers
  • Bank account numbers (IBAN) for some members

In the days following the claim, KeepCool's mobile applications — including the KeepCool app and Metabolik — were taken offline. Members were subsequently targeted by fraudulent emails and SMS messages impersonating their clubs, demanding payment of a bogus €29.99 unpaid balance or asking recipients to "verify" or update their personal and banking information — a classic follow-on phishing and smishing wave riding on the leaked contact data.

As of reporting, the breach remained an ongoing situation: the data was being offered for sale, the affected applications were disrupted, and members were being warned to ignore the fraudulent payment and verification requests. Members are advised to remain vigilant against messages claiming to come from KeepCool and never to share banking details in response to them.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-20-keepcool
  2. x.comhttps://x.com/seblatombe/status/2024828966830321900
  3. x.comhttps://x.com/seblatombe/status/2025175597387743517

Related incidents

Data breachOngoing

Leak at La France Insoumise

In May 2026, France's La France Insoumise party had data from its Action Populaire activist platform stolen and posted on a hacking forum, exposing some 120,000 email addresses, 20,000 phone numbers, postal addresses and member activity spanning 2017-2026.

Victim
La France Insoumise