European fitness chain, Basic-Fit, has disclosed a data breach affecting members across multiple countries, including 200,000 in the Netherlands. The breach exposed names, addresses, email addresses, phone numbers, dates of birth, and bank account details. The company has notified the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) after discovering unauthorised access to the system it uses to register member visits to its fitness clubs. No passwords or identity documents were accessed, and no identity documents, such as passports or driving licences, were stored in the company's storage. The leak of bank account information is likely to be the most significant concern for affected members, creating the conditions for SEPA direct debit fraud and financial impersonation. The incident follows a pattern of attacks targeting systems that hold aggregated customer identity and financial data.