New York fitness chain Town Sports has suffered a data breach after a database containing the personal information of over 600,000 people was exposed on the Internet.
Town Sports International is the owner of well-known United States fitness centers and gyms, including New York Sports Clubs, Boston Sports Clubs, Philadelphia Sports Clubs, Washington Sports Clubs, Lucille Roberts, and Total Woman Gym and Spa.
Due to the Coronavirus pandemic and closing of gyms to battle the disease’s spread, Town Sports International was forced to file for bankruptcy on September 14, 2020.
In a new report from Comparitech, a database belonging to Town Sports International was discovered and analyzed by security researcher Bob Diachenko.
This database contained the user records for almost 600,000 members or staff, and contained personal information, including names, addresses, phone numbers, email addresses, last four digits of credit cards, credit card expiration dates, and a member’s billing history.
Also Read: PDPA Breach Penalty Singapore: How Can Businesses Prevent
Diachenko and security reporter Zack Whittaker contacted Town Sports on September 21, 2020, to disclose the exposed database but did not receive a response.
The database was secured the next day, and the information is no longer accessible.
BleepingComputer has also contacted Town Sport but has not received a response.
It is not known if any unauthorized persons with malicious intent had accessed this database in the past.
To be safe, it is better to assume that someone, other than the researchers, may have accessed the data and to be on the lookout for targeted phishing emails.
“Scammers can use the database’s personal information to make the message seem more convincing. Phishing messages usually contain links to phishing pages that look authentic and often identical to the official website, but in fact are copies designed to steal passwords or payment info,” Comparitech stated in their report.
Therefore all Town Sports customers should be careful of responding or visiting sites contained in emails referencing your gym membership.
Also Read: Data Protection Authority GDPR: Everything You Need To Know
Importance of Efficient Access Controls that every Organisation in Singapore should take note of. Enhancing…
Prioritizing Security Measures When Launching a Webpage That Every Organisation in Singapore should take note…
Importance of Regularly Changing Passwords for Enhance Online Security that every Organisation in Singapore should…
Comprehensive Approach to Data Protection and Operational Integrity that every Organsiation in Singapore should know…
Here's the importance of Pre-Launch Testing in IT Systems Implementation for Organisations in Singapore. The…
Understanding Liability in IT Vendor Relationships that every Organisation in Singapore should look at. Understanding…
This website uses cookies.
