Total Fitness Details

    Organization Logo

    Total Fitness

    Wilmslow, Cheshire600 employees • Other Services (except Public Administration)

    https://www.totalfitness.co.uk/

    Industry

    Other Services (except Public Administration)

    Security Incidents

    1

    Total Fitness UK is a chain of health and fitness clubs offering gym facilities, swimming pools, and fitness classes across the United Kingdom. The company focuses on providing comprehensive fitness services including state-of-the-art gym equipment, personal training, and wellness programs to its members. Since its inception in 1993, Total Fitness has aimed to foster a community-oriented environment that supports the physical and mental well-being of its clientele.

    Headquartered in Wilmslow, Cheshire, Total Fitness employs approximately 600 people across its various locations.

    Security Incidents

    Total Fitness Breach of Jun 2024
    Severity Score
    Significant to High

    Type

    Other

    Summary

    Total Fitness, a UK-based gym chain, experienced a significant data breach involving a 47.7GB unsecured database that contained images and sensitive information for 470,000 members and staff. Discovered by cybersecurity researcher Jeremiah Fowler, the database included identity documents, banking details, phone numbers, and some immigration records, all accessible without any password protection. The incident raised critical concerns about Total Fitness's data collection, storage practices, and access controls, especially as nearly 97% of the content consisted of member-uploaded images. While ...
    Show more

    Severity

    The incident involving Total Fitness demonstrates significant cybersecurity shortcomings due to an unsecured database exposing personal images and sensitive documents of 470,000 members and staff. With exposed images including identity documents, banking details, and immigration records, the risk for identity theft, fraud, and other malicious activities is substantial. The potential misuse of such data amplifies the severity of the breach despite claims of no unauthorized access beyond the initial discovery. Considering the scale, sensitivity of the data, and potential for future threats, this...
    Show more

    Impact

    Total Fitness experienced a significant data breach, exposing an unsecured database containing images of 470,000 members and staff. This database included highly sensitive information such as identity documents, banking and payment card details, phone numbers, and even immigration records. Although the company disputed the extent of the breach, claiming most images lacked personally identifiable information, the researcher highlighted that roughly 97% of the database comprised member images. While the company has since secured the database, the potential for misuse of the exposed data for iden...
    Show more