Town Sports International Data Breach Exposed Personal Information of 600,000 Members
An unsecured server belonging to the popular Town Sports fitness chain has exposed over 600,000 customers and staff members’ personal information.
Customer and employee records were stored in an unsecured Amazon S3 bucket, and included:
â€¢ Full names
â€¢ Street addresses
â€¢ Phone numbers
â€¢ Email addresses
â€¢ Last four digits of credit cards
â€¢ Credit card expiration dates
â€¢ Billing history
Fortunately, the database did not store any account passwords or full credit card details.
According to security researcher Bob Diachenko who analyzed the database, the server was unprotected for nearly one year, leaving room for unauthorized individuals to browse and steal customer information. Town Sports secured the server just a day after Diachenko disclosed his findings on September 21.
“We do not know if any unauthorized parties accessed the data while it was exposed, but affected customers and staff could assume as much,” Comparitech researchers said. Our research indicates unsecured databases can be found, stolen, and attacked within just a few hours of exposure.”
If cybercriminals had found and accessed the database, they could use the information to target gym and staff members. Town Sports members should keep an eye out for suspicious emails or phone calls. Never share personal or financial information via phone, email, or chat with any individuals who may contact you online.
Town Sports International owns multiple fitness centers and gyms across the US East coast, including New York Sports Clubs, Boston Sports Clubs, Philadelphia Sports Clubs, Washington Sports Clubs, Lucille Roberts, and Total Woman Gym and Spa.
This recent security incident could not come at a worse time, as the fitness chain filed for bankruptcy on September 14. The company has not issued an official statement or comment regarding the data breach.
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US
July 16, 2021
How to protect yourself against cyberstalking
July 06, 2021
The Top Five Security Risks Smartphone Users Face Today
July 02, 2021
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials
July 02, 2021
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger
June 30, 2021
Mobile security threats: reality or myth?
June 13, 2021
FOLLOW US ON
You might also like
July 21, 2021
July 15, 2021