400,000 members affected by a claimed data leak at KeepCool
On 20 February 2026, a threat actor put up for sale on BreachForums a database claimed to belong to French gym chain KeepCool, affecting some 400,000 members across 270 clubs and exposing names, emails, phone numbers and some IBANs.
- Victim
- KeepCool
- records
- 400.0K
On 20 February 2026, KeepCool — one of France's largest gym chains, with more than 270 clubs — became the subject of a data-leak claim when a threat actor advertised a database of its members for sale on the cybercrime marketplace BreachForums. The actor claimed the batch covered roughly 400,000 members.
According to the sale listing, the stolen records contained contact and, in some cases, banking details for KeepCool members spread across the chain's network of clubs. Reported categories of exposed data include:
- Full names (first and last name)
- Email addresses
- Phone numbers
- Bank account numbers (IBAN) for some members
In the days following the claim, KeepCool's mobile applications — including the KeepCool app and Metabolik — were taken offline. Members were subsequently targeted by fraudulent emails and SMS messages impersonating their clubs, demanding payment of a bogus €29.99 unpaid balance or asking recipients to "verify" or update their personal and banking information — a classic follow-on phishing and smishing wave riding on the leaked contact data.
As of reporting, the breach remained an ongoing situation: the data was being offered for sale, the affected applications were disrupted, and members were being warned to ignore the fraudulent payment and verification requests. Members are advised to remain vigilant against messages claiming to come from KeepCool and never to share banking details in response to them.
Sources
- fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-20-keepcool
- x.comhttps://x.com/seblatombe/status/2024828966830321900
- x.comhttps://x.com/seblatombe/status/2025175597387743517