More than 500k personal information of Elite Fitness have leaked

The fitness industry in Vietnam grows at an average rate of 20% annually until 2020, with market size of about 113 million USD. However, high-end brands such as Elite Fitness, California Fitness & Yoga… hold the bigger slice of the cake while other gyms, although at large scale, do not take much market share.

Along with the opportunity to earn hundreds of millions of dollars, Elite Fitness also face challenges in digital transformation. According to the reference we received from anonymous hacker groups, Elite Fitness is currently posing some problems with a data breach in ensuring information technology system safety and protecting user privacy.

A part of customer informations leaked

A large amount of information was disclosed in the breach including but not limited to:

• Email address, date of birth, gender, and user’s city or town and time zone.
• It also includes service usage history at training facilities
• Training target
• Contract, Balance
• Health index
• User activity as well as a profile picture
• Digital data of fingerprints, practice cards.

Unlike Gold prices, struggling with the 4-month low, the price of personal information keeps rising everyday in high demand.

Customer’s contracts database

According to the communication, it seems that hackers have exploited vulnerabilities in IoT devices (Timekeeper, Printer, Security Camera, etc.) from a specific training facilities.

Customer’s fingerprints data

Elite Fitness was not the first victim of data breaches. There are many organizations has been attacked and with lots of important data stolen, such as:

• Fitness app PumpUp leaked health data, private messages
• A popular fitness app just leaked 42 million records of user data
• U.S. fitness chains suffer data breach affecting 600K customers

A cybersecurity expert has said that “Elite Fitness will need to equip a lot of layers of protection and think about a significant investment in IT infrastructure before entering the game of this billion-dollar market.”

A part of Elite Fitness’s staff informations

Elite Fitness needs to consult with confidential experts to participate in the process of design, application, operation, and transfer to make the security process safe. Digital transformation is great for businesses but can also cause swift losses if the system is hacked or out of control.

The hacker shared that they were trying to contact Elite Fitness to discuss the leaked customer information. However, according to our observations, we have not found any description of the “Privacy Policy” or “Terms and Conditions” that protect the rights privacy of members.