US fitness chain Town Sports suffers a data breach after a database containing information on 600K customers was exposed online.
Town Sports International is an operator of gyms, fitness clubs and spas operating in the Eastern United States, California and Switzerland. Its brands include New York Sports Clubs, Boston Sports Clubs, Philadelphia Sports Clubs, Washington Sports Clubs, Lucille Roberts, TMPL Gym and Total Woman Gym and Spa.
Town Sports International filed for bankruptcy on September 14, 2020, due to the closing of gyms to fight the coronavirus outbreak.
Comparitech security researcher Bob Diachenko discovered a database belonging to Town Sports International exposed online.
The data contained records of around 600,000 members and staff, and the information includes names, addresses, contact numbers, email addresses, last four digits of credit cards, credit card expiration dates, billing histories and limited payment information.
The customer and employee data were stored in an Amazon S3 bucket, and the database did not contain any account passwords, CVVs, or full credit card numbers.
Bob Diachenko received a tip from cybersecurity expert Sami Toivonen about the exposure on September 21, 2020. Diachenko quickly informed Town Sports as part of the disclosure policy. The database was secured on September 22, 2020.
It is still unclear how long the database remained exposed and if any unauthorized actors with malicious intent had accessed it in the past.
“In the wrong hands, cybercriminals could use the information stored in the database to scam and phish Town Sports customers and employees,” Comparitech said.
“Scammers can use the database’s personal information to make the message seem more convincing. Phishing messages usually contain links to phishing pages that look authentic and often identical to the official website, but in fact, are copies designed to steal passwords or payment info.”