The European gym giant Basic-Fit has just announced that it has suffered a cyberattack affecting the data of around a million members in several countries, including France. Among the information potentially exposed are bank details, which is a serious concern for subscribers who spend more time monitoring their statements than in the gym.
The brand mentions “unauthorized access” to its databases, according to a message cited by Les Numériques, and claims to have stopped the leak “within the minutes following their discovery”. But with nearly 5.8 million members and more than 2,150 clubs, the impact remains massive. What exactly do we know about this Basic-Fit cyberattack and, above all, are your bank accounts really in danger?
Basic-Fit cyberattack: what data really leaked?
Hackers targeted the system that records members’ visits to clubs. According to the press release from Basic-Fit, this intrusion made it possible to download subscription information, names and postal addresses, email addresses, telephone numbers, dates of birth as well as bank details of approximately one million customers in France, Belgium, Germany, Spain, Luxembourg and the Netherlands.
At least 200,000 people have already been identified in the Netherlands, while France alone has more than 800 clubs. One reassuring sign: “No password has been compromised” and the group says it does not “keep the identity documents of its members”, Basic-Fit assured in a press release relayed by 20 Minutes.
However, significant gray areas remain. The brand does not specify whether the exposed bank details are IBANs, card numbers or both. It is also impossible to know how long the breach existed before its discovery. All of these unknowns mean subscribers should remain cautious.
Basic-Fit customers in France: are your banking details exposed?
Officially, Basic-Fit claims to have directly informed the members concerned by email or SMS. If you received a message, check that it doesn’t ask you to enter a code, pay money, or click on a link to an unknown site. If in doubt, go through the official app or website instead, typing in the address yourself.
If you have not received anything, this does not necessarily mean that you are unaffected: identifying the affected accounts can take time and the chain does not publish the exact list of clubs affected. In this context, it is better to assume that your bank details may have been leaked if you pay for your subscription by direct debit or card.
Concretely, an IBAN can be used to attempt a fraudulent SEPA direct debit, but in France you can contest it and obtain a refund if you react quickly. A card number increases your exposure to unauthorized online payments, even if 3D Secure limits the damage. In all cases, active monitoring of your account remains the priority.
What to do after the Basic-Fit leak to protect your money?
Monitor your bank statements and notifications daily. At the slightest suspicious transaction linked to Basic-Fit or to an unknown third party, contact your bank immediately to dispute the transaction and, if necessary, block the card. In the event of proven card fraud, also report the scam on the official Perceval platform of the Ministry of the Interior.
Even though Basic-Fit assures that your passwords have not been affected, take the opportunity to change those that you reuse elsewhere with the same email address. Choose unique, long passwords, and enable two-factor authentication on your most sensitive services like email or banking.
Finally, keep an eye out for upcoming official communications from Basic-Fit. Under GDPR, the company must cooperate with data protection authorities and may be required to detail the exact nature of the compromised information. You have the right to ask what data it keeps about you and, if necessary, to demand its deletion.