Runners on treadmill at gym

Total Fitness GDPR breach in court

Back in February of this year, health club giant Total Fitness wrote to its members advising that it had been the victim of a cyberattack.

The attack reportedly saw an international cybercrime network gain access to data from June 2018, including:

  • Copies of membership agreements
  • Members’ names
  • Members’ bank account numbers and sort codes

Despite this data being accessible during the breach, at the time, Total Fitness told members that usernames, passwords, and credit card information had not been compromised.

Total Fitness also said the compromised data “was listed in isolation,” meaning the cybercriminals couldn’t link it to identifying information like email or postal addresses. While that data itself wasn’t stolen, as copies of membership agreements would carry such identifying information, the hackers were likely able to make the link and use or sell the stolen data on this basis.

First known case comes to court

It has recently come to light that the first known data breach claim against Total Fitness is set to go to court, with a lawsuit having been filed against the gym chain back in June.

Karl Fleetwood, a former Total Fitness member, has taken the chain to the High Court due to the anxiety, distress, and financial loss and damage experienced following the cyberattack.

Fleetwood, seeking up to £3,000 in damages, has brought the claim under the Data Protection Act (2018). This superseded the European Union’s General Data Protection Regulation (GDPR) legislation upon the expiry of the Brexit transition period on 31st December 2020.

According to reporters who have seen the lawsuit filing, it reads, “He [Fleetwood] reports a feeling of anger and frustration about the fact that his data was compromised in the attack. He has been required to spend a great deal of time changing the passwords on all of his online accounts and obtaining new bank cards.”

Staying safe online

Anyone whose data was involved in the Total Fitness data breach has every right to claim the compensation they’re entitled to.

At the same time, the lawsuit’s wording does provide another reminder of the importance of ensuring all your online accounts have different passwords. We can easily end up with hundreds of online accounts. If you use a password manager app or browser generated passwords, you’ll have unique sign-in data for each site you use and remove the need to change all your passwords if your data is involved in a hack.

You can learn more about how you can keep your data safe online here.

Are you a Total Fitness member or ex-member concerned about the February 2021 data breach? Contact LawPlus today!

Did you receive an email from Total Fitness notifying you of the February 2021 data breach? Do you suspect your details were exposed to criminals but didn’t receive an email from Total Fitness?

In either situation, you may be entitled to compensation, and LawPlus can help you to get what you deserve.

Contact us now for a FREE, no obligation assessment of your Total Fitness data breach claim.