Dutch fitness giant Basic-Fit announced that hackers breached its systems and gained access to information belonging to a million of its customers. The company operates the largest gym chain in Europe, owning more than 1,700 clubs and over 430 franchises in 12 countries, including the Netherlands, Belgium, France, Spain, and Germany. In a disclosure published on its website earlier today, Basic-Fit states that club members impacted by the cyberattack have been informed directly. “Today, Basic-Fit has notified the relevant data protection authority concerning unauthorized access to the system that records members’ visits to Basic-Fit clubs,” reads the notification. “The unauthorized access was detected by our system monitoring processes and was stopped within minutes of discovery.” Despite the claimed quick response, an investigation conducted with the help of external security experts found that the attacker exfiltrated data belonging to some Basic-Fit members, which includes the following: It is important to note that customer data at Basic-Fit franchises has not been exposed in the incident, as it is stored on a separate system. In the public disclosure, the company specified that the number of affected individuals in the Netherlands is 200,000. However, a spokesperson told BleepingComputer that the total number is around 1 million members in the Netherlands, Belgium, Luxembourg, France, Spain, and Germany.