In February 2021, Total Fitness suffered a major cyber-attack that compromised the personal data of its members. The attack exposed sensitive customer information, some of which dated back to June 2018. For many affected members, the Total Fitness data breach raised serious concerns about how well the company protected their personal data. The incident also left individuals vulnerable to identity theft, financial fraud, and privacy risks.
Unfortunately, this would not be the last time Total Fitness customers found themselves at risk. Just three years later, another major data breach in 2024 exposed even more sensitive member data.
2021 Total Fitness data breach explained
Total Fitness disclosed few details about the cyber-attack at the time, but what is known is that hackers gained unauthorised access to its systems and stole personal data. The attack affected an undisclosed number of members, and the exposed records spanned at least three years.
Once the breach was detected, Total Fitness contacted its members, warning them that their personal information may have been compromised. Customers were advised to monitor their financial accounts and take precautions against potential fraud.
What information was compromised in the Total Fitness hack?
Although Total Fitness did not provide full transparency on the extent of the breach, the stolen data reportedly included:
- Membership details, including full names
- Financial data, such as bank account numbers and sort codes
- Scanned copies of membership agreements
These details could be used by cybercriminals to commit fraud, identity theft, and phishing attacks, leaving affected individuals vulnerable.
The company’s handling of the breach raised questions about its cybersecurity protocols. If hackers were able to access personal data so easily, were adequate security measures in place to protect customer information?
Lessons not learned – the 2024 Total Fitness data breach
For those who assumed Total Fitness had improved its security after the 2021 cyber-attack, the 2024 breach was an even bigger shock. Unlike the previous incident, the more recent breach wasn’t even caused by hackers. Instead, a cybersecurity researcher discovered an unsecured database containing 470,000 customer and staff records.
This second breach shows a clear pattern of negligence when it comes to handling personal data. Customers who were affected in 2021 could once again be at risk, raising serious concerns about whether Total Fitness ever made meaningful improvements to its security.
Was my data leaked in the total fitness breach?
If your personal data was compromised in either the 2021 or 2024 breach, you may be eligible for compensation. Legal experts are investigating both incidents, as Total Fitness may have failed in its duty to protect member information.
Check now to see if you qualify to join the group action claim and hold Total Fitness accountable for its repeated data security failures.
