Basic-Fit, the budget gym chain, has been hit by a major cyberattack - and you could be among those affected.
Over the past few years, Basic-Fit has grown into one of Europe’s most recognisable names in bodybuilding and fitness. The brand now counts more than 4.7 million members, spread across 2,150 gyms throughout Europe.
That momentum has been interrupted by a serious security incident. Basic-Fit has confirmed that it has suffered a large-scale cyberattack, with hackers gaining access to personal data belonging to subscribers in multiple countries.
Basic-Fit cyberattack: what we know so far
Basic-Fit says the information obtained by the hackers includes names, dates of birth, telephone numbers, email addresses and even bank details linked to Basic-Fit memberships. That combination of data can create real risk for affected individuals, including fraud attempts and identity-related scams.
At this stage, the company has not shared detailed technical information about how the breach occurred. What is clear is the scale: Basic-Fit operates in 12 European countries, and the incident spans more than one market.
Basic-Fit has stated that over 200,000 customers in the Netherlands have had their personal data stolen, and that more than one million people across Europe are impacted in total.
Are Basic-Fit customers in France affected?
Many subscribers in France will understandably be asking whether they are included. For now, Basic-Fit has not provided a precise figure for potentially affected members in France, so it is not possible to say how many people there may have been caught up in the data theft.
As of September 2025, Basic-Fit reported operating:
- 893 gyms in France
- 245 gyms in the Netherlands
- 43 gyms in Germany
Given the size of the French network, customers in France should be prepared to hear directly from Basic-Fit in the coming hours or days if their accounts are linked to the breach.
Basic-Fit’s response and what has (and hasn’t) been taken
Basic-Fit is attempting to reassure members. The chain says it reacted within minutes of detecting the cyberattack, suggesting the intruders entered systems illegally before being identified.
The company also states that the hackers were not able to take identification documents and did not obtain customer passwords.
What you should do if your Basic-Fit personal data has been exposed
If your information has been compromised in a cyberattack, the biggest immediate risk is often follow-up fraud rather than the breach itself. If Basic-Fit contacts you to confirm you are affected, it is sensible to:
- Monitor your bank account closely for unexpected payments, refunds or new direct debits
- Be cautious with emails and text messages that reference your membership, as hackers may try phishing using genuine details
- Avoid clicking links in unsolicited messages; instead, go directly to Basic-Fit’s official website or app
- Consider asking your bank about additional safeguards if your bank details may have been exposed
Recent expansion adds pressure as Basic-Fit investigates
The incident comes only months after Basic-Fit expanded significantly through its acquisition of Clever Fit in Germany. That deal, announced in October, added nearly 500 additional gyms.
The purchase also helped Basic-Fit extend its footprint into new markets, including Austria, Switzerland, Slovenia, Romania, Croatia and the Czech Republic - widening the number of customers potentially needing clear communication and support as the company works through the aftermath of the cyberattack.
Comments
No comments yet. Be the first to comment!
Leave a Comment