**Basic-Fit**, the largest gym chain in Europe with over 1,700 clubs and 430 franchises across 12 countries, including the Netherlands, Belgium, France, Spain, and Germany, announced that its systems were breached, granting hackers access to a substantial amount of customer data. ### Breach Details The company stated that impacted members have been directly notified. According to a notification published on their website, "Basic-Fit has notified the relevant data protection authority concerning unauthorized access to the system that records members’ visits to Basic-Fit clubs." The company claims the unauthorized access was detected and stopped within minutes. Despite the quick response claim, investigations revealed that the attacker exfiltrated the following data: * Full name * Physical address * Email address * Phone number * Date of birth * Bank account details * Other membership information Data from **Basic-Fit** franchises was not affected as it is stored on a separate system. While the initial disclosure mentioned 200,000 affected individuals in the Netherlands, a spokesperson later clarified that the total number is closer to one million members across the Netherlands, Belgium, Luxembourg, France, Spain, and Germany. **Basic-Fit** estimates it has around five million members across Europe. ### Data Security and Retention The company maintains that no identification documents or account passwords were compromised. Under EU data retention laws, **Basic-Fit** is required to automatically delete personal data and membership information after two years. Customers can access their data in the My Basic-Fit app for one year after termination. The company states that data in the app should be removed two months after uninstalling it or upon membership termination. ### Ongoing Investigation **Basic-Fit** reports that its investigation has not revealed any evidence of the data being leaked online but will continue to monitor the situation with external security experts.