A breach at Basic-Fit exposed data of 1M members, including names, birth dates and bank details after unauthorized access.Basic-Fit, Europe’s largest gym chain, has disclosed a data breach affecting around 1 million members. Hackers gained unauthorized access to the company systems and stole personal. The gym chain said it recently detected the intrusion and is investigating the incident while notifying affected users and working to contain the impact.“Today, Basic-Fit has notified the relevant data protection authority concerning unauthorized access to the system that records members’ visits to Basic-Fit clubs.” reads the press release published by the company. “The unauthorised access was detected by our system monitoring processes and was stopped within minutes of discovery. The members whose data is involved have been informed.”External experts found that intruders downloaded some data from Basic-Fit, affecting members in several countries, including about 200,000 in the Netherlands. Exposed data includes names, addresses, emails, phone numbers, birth dates and bank details. The company pointed out that no ID documents or passwords were accessed. There is no evidence of misuse so far, and the company is continuing to monitor the situation with external specialists.“An investigation conducted by external security experts has shown that some of the data stored in the system was downloaded. The downloaded data concerns active members in several countries. In the Netherlands, around 200.000 members are affected. The data concerns membership information, name and address details, email addresses, phone numbers, dates of birth and bank account details. Basic-Fit does not hold identification documents of members and no passwords were accessed.” continues the press release. “The investigation so far has not shown the data being available anywhere or having been misused. Together with external specialists, Basic-Fit continues to monitor the issue closely.”Basic-Fit is one of Europe’s largest fitness operators, with over 5 million members and more than 1,600 clubs across 6 countries. The company reported about €1.42 billion in revenue last year, driven by strong membership growth and continued expansion in key European markets.It’s unclear who carried out the attack, and at this time no ransomware group has claimed responsibility for the security breach.Follow me on Twitter: @securityaffairs and Facebook and MastodonPierluigi Paganini(SecurityAffairs – hacking, Basic – Fit)