Total Fitness Data Breach

on 24 Feb 2021 | by Simon Chadwick

Total Fitness have confirmed a data breach in which banking information including sort codes and account numbers have been stolen. The gym chain informed members on 20th February that data from June 2018 had been accessed by "a highly sophisticated international organised cyber-crime network." Credit card information has not been taken.



The company says it suspects the threat of fraud is low, but it has offered affected members access to a 12 month subscription to TrueIdentity, a credit monitoring service. Stolen sort codes and account numbers could possibly be used to set up unauthorised direct debits if matched to the owner’s identity. Total Fitness has disclosed that members’ names were included with the stolen information. While this in itself is not enough to commit fraud, it could be possible to use other, unrelated data breaches to cross-reference this information with other data such as addresses, which may be enough to enable criminal activity. The threat is therefore low, but not non-existent.





In addition, Total Fitness is advising affected members to:

  • Check your bank statement regularly for payments you don’t recognise.
  • Use strong passwords
  • Don’t give out personal information over the phone
  • Check your credit report regularly
  • Report any fraud you find to Action Fraud



Total Fitness has taken steps to secure its system by locking down external access, moving all sensitive information to new servers, and is working with law enforcement to investigate the attack. The company has expressed regret over the incident and offered customer support to anybody affected.

If you were involved in the Total Fitness data breach, you may be entitled to compensation. Use our handy compensation calculator now to see what you could claim.



23/10/2021 05:18:44