Parent Company of New York Sports Club and Other Gyms Impacted by Data Breach

When it comes to improving our health and fitness, there’s nothing like a gym. But as gym-brand parent company Town Sports recently discovered, protecting customer’s personal information takes more than brute strength.

Don’t fall victim to a breach like Town Sports. A password manager can help prevent data breaches. Find out more and start a free 30-day trial of Dashlane for businesses or Dashlane Premium for you and your family today—no credit card required.

What happened?

This week, the parent company of New York Sports Club and several other gym brands acknowledged a breach of their customer database. Cybersecurity expert Sami Toivonen alerted Comparitech researcher Bob Diachenko that the database, which was not password protected, had been exposed online as long ago as November 2019. After verifying, Diachenko disclosed the breach to Town Sports, who secured the database the following day.

Who was affected? What information was potentially exposed?

More than 600,000 customers’ data was stored on the exposed database from the company’s various gym brands, including:

  • Around the Clock Fitness
  • Christi’s Fitness
  • Lucille Roberts
  • My Sports Clubs
  • New York Sports Club
  • Total Women

While customer account passwords were not stored in the database, other sensitive personal information was, including:

  • Names
  • Addresses
  • Emails
  • Phone numbers
  • Partial credit card information
  • Billing history, including past due accounts
  • Customer complaints
  • Gym check-ins, including location

What’s the risk?

If no passwords or payment info were exposed, what’s the risk of this data being accessible to anyone for almost a year?

Simply put, any customer information leaked online makes it easier for or the company you work for to be hacked or scammed, and leaks have serious consequences for the breached business as well.

On the business side, the monetary costs associated with a breach can be steep. Globally, the average cost of a data breach in 2019 was $3.92 million. That number jumps to an average of $8.64 million if we consider the U.S. alone. Neither of these figures includes the devastating effect of a security failure on brand perception. It can take years of hard, humbling work to bring a brand back into the spotlight after mishandling user data; and this is the hopeful outcome. The more common result—increasingly so as data privacy and the related regulatory landscape become more top-of-mind sensitive topics than ever—is a complete loss of consumer confidence without a road back.

But the impact can also be felt on a personal level. Since many people resort to easy-to-remember passwords for their accounts at home and at work, cybercriminals can use personal information to crack passwords. And knowing someone’s address, phone number, or even what gym they use can make phishing attempts more credible. Think about it this way: Are you more likely to give your credit card to someone emailing you impersonally out of the blue, or to someone who claims to work at your gym calling you about another missed payment?

I was a gym member. What can I do?

If you are or were a member of any of Town Sports’ gyms, change your account password to something randomized and unique immediately—especially if you reuse that password across several accounts. A password manager like Dashlane can generate and store randomized passwords for every account automatically.

If you’ve been impacted by this breach, it’s also best to check your credit score and monitor your credit. While complete credit card info and Social Security Numbers weren’t exposed, they may be possible for cybercriminals to reverse engineer, especially if they are cross-referencing other exposed databases of company data.

And how can you know if more of your personal information is floating around out there? Try running a dark web scan with Dashlane. You’ll receive a report if your data turns up somewhere it doesn’t belong online.

I’m concerned about my business. What can I do?

Weak, stolen, or reused employee passwords are the #1 cause of breaches. A password manager is the best first line of defense against a data breach. By encouraging and enabling employees to change their poor security and password behavior, a password manager minimizes your organization’s attack surface and strengthens one of your biggest vulnerabilities.

Start using a secure and easy-to-use password manager that protects access to your organization’s critical data and assets without compromising productivity.

How “fit” are your cybersecurity practices? Try Dashlane for your business or for yourself and start improving your password health for free.

    Dashlane

    Dashlane gives everyone who uses the internet a simple way to live savvier online. Generate strong, randomized passwords for every account, and autofill logins, personal info, and payment details instantly—without compromising your data security. Dashlane works across devices on every major operating system and browser, making the internet safer and easier to navigate at home, at work, and on the go.

    Read More