The Organization of Consumers and Users has launched a warning after the security incidents detected in Basic Fit and Booking, two cases that have left exposed personal data of clients and that can result in attempts of fraud through calls, emails or fake websites.
Millions of affected in the case of Basic Fit
Basic Fit has confirmed an illicit access to its customer database in more than a dozen countries. The incident has a particularly broad scope in España, Francia and Alemania, where those affected exceed 4.5 million people. In Países Bajos, the figure exceeds 200,000 customers.
The company has specified that it does not store identity documents of its partners and that account access passwords have not been compromised. Even so, the data exposure opens the door to possible frauds directed at users.
Among the practices detected in this type of cases are phone calls or emails in which the update of bank details or the verification of personal information is requested, with the objective of obtaining more information from the victim.
Booking detects access to customer data
Booking has also confirmed a security incident that allowed access to full names, email addresses, postal addresses, phone numbers, and booking details. The company has stated that financial information, such as credit card data or bank accounts, has not been accessed.
In this case, the fraud linked to the incident follows a specific pattern. Users may receive communications about alleged payment problems that redirect them to fraudulent websites, designed to capture their data.
Warning against impersonation attempts
The alert focuses on the possibility that third parties may use the obtained information to impersonate the affected companies. Neither Basic Fit nor Booking has a record of access to bank details or passwords, but there is access to sufficient information to personalize scams and make them more credible to customers.
The recommendation is to exercise extreme caution regarding unexpected messages or calls, especially if they include links or requests for personal data. In a context of massive leaks, the first sign of risk usually reaches the user's mobile phone or email.