Passwords were not compromised, and the company says it does not store members’ identity documents.

Basic-Fit did not immediately respond for comment, and the full scope of cross-border leakage remains to be clarified.

Unauthorized access to the system that records member entries into clubs was detected and affected members have been informed.

Basic-Fit disclosed a massive data breach affecting about one million members across France, Belgium, Germany, Spain, Luxembourg, and the Netherlands, exposing subscription details, names and addresses, email addresses, phone numbers, birth dates, and banking information.

An FAQ page was set up to inform customers about the data leak.

The company reported the incident to the Dutch data protection authority within 72 hours, and the exact attack date is undisclosed; attribution remains unknown.

Customers were advised to verify communications through official channels and stay vigilant for phishing as the investigation continues.

The surrounding content includes advertisements and boilerplate, limiting additional information about the breach.

The incident was stopped by the security team on April 13 after discovery and reported to the relevant authorities.

There is no evidence yet of affected member data online, but monitoring continues and customers are warned about potential phishing.

Exposed bank account information (IBANs) could enable SEPA fraud when combined with personal identifiers.

No further details on the breach nature, impacted data types, or remediation steps are provided in the text.