Basic-Fit

In April 2026, Basic-Fit disclosed that hackers had gained unauthorised access to its systems, compromising the personal data of members across several European countries. In the Netherlands alone, around 200,000 members were affected, with the full scope across other countries still unclear. The company stated that the breach was detected by its system monitoring tools and stopped within minutes, but the attackers had already downloaded member data before the intrusion was contained.

The exposed data includes names, physical addresses, email addresses, phone numbers, dates of birth and bank account details. Basic-Fit confirmed that no identity documents were compromised, as the company does not store copies of members' identification documents. Passwords were also not part of the breach.

The combination of contact information with bank account details and dates of birth presents a significant risk for targeted phishing, social engineering and potential financial fraud. Affected members in the Netherlands, Belgium, France, Spain, Germany and Luxembourg should be vigilant for suspicious communications. Basic-Fit's franchise operations in six additional countries use a separate system and were not affected.

If you are a Basic-Fit member, take steps to protect yourself even if you have not yet received a notification. Monitor your bank account closely for unauthorised transactions, particularly any new direct debits you did not authorise. Contact your bank to discuss additional protections such as alerts for new direct debit mandates.

Be highly suspicious of unsolicited emails, text messages or phone calls claiming to be from Basic-Fit or your bank. Attackers may use your leaked personal details to craft convincing phishing messages. Do not click links in unexpected messages and never share additional personal information or login credentials in response to such communications.

Change the password on your Basic-Fit account and any other accounts where you may have reused similar credentials. Enable two-factor authentication wherever possible. Consider placing a fraud alert with your bank and, if you are in the Netherlands, check your credit registration at BKR (Bureau Krediet Registratie) for any unfamiliar entries.