Total Fitness Details
Total Fitness
Wilmslow, Cheshire • 600 employees • Other Services (except Public Administration)
https://www.totalfitness.co.uk/
Industry
Other Services (except Public Administration)
Security Incidents
1
Total Fitness UK is a chain of health and fitness clubs offering gym facilities, swimming pools, and fitness classes across the United Kingdom. The company focuses on providing comprehensive fitness services including state-of-the-art gym equipment, personal training, and wellness programs to its members. Since its inception in 1993, Total Fitness has aimed to foster a community-oriented environment that supports the physical and mental well-being of its clientele.
Headquartered in Wilmslow, Cheshire, Total Fitness employs approximately 600 people across its various locations.
Security Incidents
Total Fitness Breach of Jun 2024
Show more
Show more
Show more
Severity Score
Significant to High
Type
OtherSummary
Total Fitness, a UK-based gym chain, experienced a significant data breach involving a 47.7GB unsecured database that contained images and sensitive information for 470,000 members and staff. Discovered by cybersecurity researcher Jeremiah Fowler, the database included identity documents, banking details, phone numbers, and some immigration records, all accessible without any password protection. The incident raised critical concerns about Total Fitness's data collection, storage practices, and access controls, especially as nearly 97% of the content consisted of member-uploaded images. While ...Show more
Severity
The incident involving Total Fitness demonstrates significant cybersecurity shortcomings due to an unsecured database exposing personal images and sensitive documents of 470,000 members and staff. With exposed images including identity documents, banking details, and immigration records, the risk for identity theft, fraud, and other malicious activities is substantial. The potential misuse of such data amplifies the severity of the breach despite claims of no unauthorized access beyond the initial discovery. Considering the scale, sensitivity of the data, and potential for future threats, this...Show more
Impact
Total Fitness experienced a significant data breach, exposing an unsecured database containing images of 470,000 members and staff. This database included highly sensitive information such as identity documents, banking and payment card details, phone numbers, and even immigration records. Although the company disputed the extent of the breach, claiming most images lacked personally identifiable information, the researcher highlighted that roughly 97% of the database comprised member images. While the company has since secured the database, the potential for misuse of the exposed data for iden...Show more
KEEP YOUR ENVIRONMENT SECURE
Weak credentials are the leading cause of breaches. Beyond Identity can help.
See MFA exploits in action
Watch how adversaries exploit companies in quick videos