Basic Fit has confirmed an unauthorized download of personal customer data, an incident that has put users in the Región de Murcia on alert and also members who are checking if their information may have been affected. The company maintains that it detected the access and blocked it in a few minutes.
The chain has communicated on its website that it has informed a part of its members after detecting that information extraction. Among the compromised data are name and surname, address, email, phone number, date of birth, account number, account holder, subscription type, pending payments, membership number, gym access history, and mobile device information.
What information would have been exposed
The company specifies that Basic Fit passwords and full copies of the ID are not part of the download. Even so, it admits that the information obtained can be used improperly, especially through fraudulent emails or phishing attempts directed at customers.
"We have informed a part of our partners about an unauthorized download of Basic Fit data" Basic Fit
In its communication, the company adds that it is not necessary for users to take a specific measure immediately, although it does ask to exercise extreme caution regarding suspicious messages or contacts. It also reminds that it is advisable to distrust emails, SMS or calls that request personal or banking data.
Recommendations after the breach
The Instituto Nacional de Ciberseguridad advises to review bank movements and to do internet searches to check if personal data is being used without authorization. That vigilance is especially relevant in cases where the exposed information includes contact and account data.
If an improper use of the information is detected, the recommendation is to report the facts to the State Security Forces and Bodies and also to the Spanish Data Protection Agency. The incident remains under monitoring while customers check if they have received any communication related to the download and remain alert to possible fraud attempts.