What is the Clubfit Software data breach?

The KillSec ransomware gang is claiming a potentially massive data breach affecting Clubfit Software, an Australian gym management software provider. They claim to have stolen data from hundreds of fitness facilities across Australia that use Clubfit's cloud-based management solutions.

When was the Clubfit Software breach announced?

The attack was claimed on the KillSec gang's dark web leak site on November 24, 2024.

How much data has been stolen in the Clubfit breach?

The ransomware gang claims to have stolen a massive amount of data. They have already published what they claim is 1% of the stolen data, which amounts to nearly 200 gigabytes.

What types of personal information were exposed in the Clubfit breach?

The exposed information reportedly includes highly sensitive customer data from gym membership agreements, such as customer names, physical addresses, phone numbers, email addresses, emergency contact information, customer signatures, and client business information.

Has Clubfit Software responded to the data breach?

As of the latest information available, Clubfit Software has not yet publicly responded to the incident.

What actions has the KillSec ransomware gang taken?

The KillSec gang has published approximately 1% of the allegedly stolen data on their dark web leak site. They have begun contacting Clubfit's clients directly and have threatened to publish all stolen data on their blog, escalating the pressure on the affected businesses.

What services does Clubfit Software provide?

Clubfit Software provides cloud-based management solutions for fitness facilities, including tools for tracking payments, reporting, access control, marketing, and statistical analytics.

Incident

KillSec ransomware gang claims attack on Clubfit Software fitness management

Q: How many fitness centers are affected by the Clubfit data breach?

According to KillSec's claims, the breach affects 694 fitness centers, including major franchises like Anytime Fitness, along with various leisure centers, boxing gyms, and independent fitness facilities across Australia.

published: Dec. 3, 2024

Learn More

The KillSec ransomware gang is claiming a potentially massive data breach affecting Clubfit Software, an Australian gym management software provider, with implications for hundreds of fitness facilities across the country.

Clubfit Software provides cloud-based management solutions for tracking payments, reporting, access control, marketing, and statistical analytics.

The attack was claimed on the gang's dark web leak site on November 24, 2024, where they have already published what they claim is 1% of stolen data, amounting to nearly 200 gigabytes. The breach is claimed to affect 694 fitness centers, including major franchises like Anytime Fitness, along with various leisure centers, boxing gyms, and independent fitness facilities.

The exposed information includes highly sensitive customer data from gym membership agreements, such as:

Gym membership agreements
Customer names
Physical addresses
Phone numbers
Email addresses
Emergency contact information
Customer signatures
Client business information

The full scope of the breach remains unclear, as the ransomware gang has only released a small portion of the allegedly stolen data.

Clubfit Software has not yet publicly responded to the incident. The ransomware gang has begun contacting Clubfit's clients directly and has threatened to publish all stolen data on their blog, escalating the pressure on the affected businesses.

KillSec ransomware gang claims attack on Clubfit Software fitness management

Read More
Cascading GitHub action supply chain attacks: reviewdog/action-setup leads …
Grubhub Reports Cyberattack, Possible Extortion
UT Health East Texas stops emergency room services, …
Slovenia's energy company Holding Slovenske Elektrarne sufferes ransomware …
Qilin ransomware gang claims breach of the Church …