In April 2024, an alleged breach reportedly affected around 770,000 rows of data associated with the complete chain of gyms operated by “Synergym” in Malaga, Spain. The company’s facilities are reputedly equipped with modern equipment developed in conjunction with advanced medical science, technology, and professional guidance, purportedly enabling users to comfortably achieve their fitness goals. The threat actor has set the price for this trove of data at $2600, offering potential buyers access to a wealth of sensitive information.
Allegedly, the compromised database contains a vast array of information, including email addresses, SHA1 encrypted passwords, full names, ID card details, complete addresses (including street address, postal code, and city), date of birth, phone numbers, and IBAN (bank account information, present in approximately 70% of the rows). This breach potentially exposes sensitive personal data of individuals who frequented Synergym’s gym facilities.