Basic-Fit says data breach exposed data of about 1 million members across Europe

Basic-Fit has confirmed a major data breach that exposed personal data tied to around 1 million members, including about 200,000 in the Netherlands. Reuters, citing a company spokesperson, reported that the compromised data includes bank account details, names, birth dates, and contact information.

The company said it detected the unauthorized access through its own monitoring tools and stopped it within minutes. Basic-Fit also said it has already informed affected members, and that the main immediate risk is phishing rather than password abuse, because no passwords were accessed.

BEST SPRING 2026 DEALS

Editor's Choice

Private Internet Access

Access content across the globe at the highest speed rate.

70% of our readers choose Private Internet Access

70% of our readers choose ExpressVPN

ExpressVPN

Browse the web from multiple devices with industry-standard security protocols.

Nord VPN

Faster dedicated servers for specific actions (currently at summer discounts)

The breach hit the system used to register member visits at Basic-Fit clubs. Reuters reported that the company’s franchise operations in six additional countries use a separate system and were not affected by this incident.

What data was exposed

The exposed data set includes bank account details, names, birth dates, and contact information, according to Reuters’ report on the incident. Basic-Fit also said the affected system did not contain members’ identification documents, which limits the scope compared with breaches that involve passports or ID cards.

That still leaves a serious fraud risk. A breach that combines full contact details with dates of birth and bank information can give criminals enough material to build convincing phishing messages, fake customer support calls, or payment-related scams. Reuters said the company itself warned that phishing is the main threat for affected members right now.

Why the scale matters

The incident affects a large operator. Basic-Fit said in its 2025 full-year results that it has more than 2,150 clubs and operates in 12 countries, making it Europe’s largest fitness operator and franchisor.

Reuters described Basic-Fit’s core gym business as serving more than 4.5 million customers across six European countries, while its franchise model covers six additional countries on separate systems. That helps explain how a breach in one membership-related environment could still affect users across multiple markets without touching the full franchise network.

What affected members should do now

Anyone who received a notification from Basic-Fit should treat unexpected emails, texts, or calls about gym memberships, payments, refunds, or account verification with extra caution. Because passwords were not accessed, the most likely near-term abuse is social engineering built around stolen personal and banking details.

Members should also monitor bank activity closely and watch for unusual direct debits, payment requests, or account-change messages. If a message claims to come from Basic-Fit, the safest move is to open the official app or website directly instead of using links in the message. That advice follows directly from the phishing risk the company highlighted.

Key facts at a glance

The figures above come from Reuters’ reporting based on Basic-Fit’s statements.

FAQ