European Gym Giant Basic-Fit Data Breach Affects 1 Million Members
Basic-Fit, one of Europe's largest gym chains, disclosed a cyberattack that impacted approximately 1 million members. The breach exposed personal data including full names, physical addresses, email addresses, phone numbers, dates of birth, bank account details, and other membership information. The intrusion was detected and stopped quickly, but sensitive information was exfiltrated.
Signal context
First seen: Apr 17, 2026
Last updated: Jun 25, 2026
Status: Public signal
Key points
- Approximately 1 million members affected across Europe.
- Exposed data includes full names, physical addresses, email addresses, phone numbers, dates of birth, bank account details, and membership information.
- The company detected and contained the cyberattack, but data was exfiltrated.
Signal analysis
BetaThis analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Finance and Insurance
Likely country: Location not provided
Watch internet-facing systems, credential abuse and exploit activity.
- Source type: outside the affected organization
Impact area: Confidentiality
Likely asset: User or customer data
- 26 signals in the same sector
- 95 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
Data Breach Roundup (Apr 10-16, 2026) - Privacy Guideshttps://www.privacyguides.org/news/2026/04/17/data-breach-roundup-apr-10-16-2026/Public source from privacyguides.org.
Cyber News Roundup – April 17th 2026 - Integrity360https://www.integrity360.com/cyber-news-roundup-april-17th-2026Public source from integrity360.com.
Related signals
Grouped by why the signal is relevant.
Xsolis Data Breach Affects Nearly 1.4 Million Individuals
Healthcare technology company Xsolis disclosed a data breach impacting approximately 1.4 million individuals. The incident stemmed from a targeted phishing attack on January 20, 2026, which led to unauthorized access to a limited portion of the Xsolis environment. Exposed data includes names, dates of birth, Social Security numbers, health insurance information, and medical treatment information. Xsolis provides AI-powered solutions for healthcare providers and payers.
London Hydro Discloses Data Breach Affecting Customer Information
Canadian electricity provider London Hydro announced a data breach that potentially impacted the personal and account information of its customers. The exposed data may include names, addresses, email addresses, phone numbers, account and billing numbers, service addresses, pricing plans, contract dates, and meter numbers. The utility became aware of suspicious activity on a customer account on June 18, 2026, and an investigation determined a system vulnerability was exploited. No financial or other sensitive information like dates of birth or government IDs were compromised.
Nintendo of America Employee Data Stolen in TinyPulse Third-Party Breach
Nintendo of America confirmed on June 18, 2026, that internal employee survey data was stolen from TinyPulse, a third-party employee engagement SaaS solution owned by WebMD Health Services. The 'Shadowbyt3$' extortion group claimed responsibility, stating they exfiltrated approximately 1GB of data, including employee names, email addresses, analytics, survey data, bank statements, and W-9 forms. Nintendo's own systems and customer data were not compromised.
American Express Insider Data Breach Reported
American Express was involved in an insider data breach where an employee accessed the personal financial information of an individual. An investigation by the Australian Privacy Commissioner found the company breached privacy laws by failing to implement adequate restrictions on staff access to customer accounts.
NAIC Confirms Cyberattack on Oracle PeopleSoft Systems by ShinyHunters
The National Association of Insurance Commissioners (NAIC) confirmed a cyberattack on its Oracle PeopleSoft systems, part of a broader campaign by ShinyHunters exploiting CVE-2026-35273 between May 27 and June 9, 2026. The breach exposed publicly available statutory financial reporting information and credit rating agency data.
SoFi Hong Kong Confirms Third-Party Data Breach
SoFi Hong Kong, a subsidiary of the financial technology company SoFi, confirmed a data breach after hackers gained unauthorized access to a database at a third-party vendor containing customer information. The company is advising customers to update passwords, enable two-factor authentication, and monitor their accounts.