Connect with us

Hi, what are you looking for?

Tech & Science

Gym chain exposes 600,000 records of members and staff (Includes interview)

Security researchers at Comparitech recently discovered an unsecured database left by Town Sports International, exposing 600,00 user records. Customer data included full names, street addresses, phone number, email addresses, last four digits of credit cards, credit card expiration dates, and billing history.

The database was first seen exposed on November 30, 2019 and was finally secured September 22, 2020, only a day after discovery. Because it was exposed for 11 months, we are unaware of who accessed the data during the 11-month timeframe. With the type of data, this was in the form of office application spreadsheets. The spreadsheets located on the server consisted of customer names, postal addresses, email addresses and phone numbers. Each of these is an item of personally identifiable information, according to Tech Crunch.

The impacted business – Town Sports International – is an established chain of gyms, fitness clubs, and spas, who operate in the northeast of the U.S. The company has recently taken steps to file for bankruptcy.

To gain an insight into the data loss, Digital Journal heard from Anurag Kahol, CTO and co-founder of Bitglass.

According to Kahol: “The Town Sports incident is yet another example where a massive amount of private data has been left exposed without a password. As this database was unsecured for 11 months, the information could potentially have been compromised by malicious actors looking to launch ransom or phishing scams.”

There are lessons to be drawn, according to Kahol: “When creating user accounts, individuals should be able to trust that their data will be protected, which can only be done when businesses take a proactive approach to security.”

As examples, Kahol highlights: “Technologies such as data loss prevention (DLP), multi-factor authentication (MFA), user and entity behavior analytics (UEBA), and encryption of data at rest are needed for organizations to guarantee that their customer and employee data is truly secure.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:


For nearly 90 years, anyone in France needing to know what time it is down-to-the-second could ring up the Paris Observatory.


Russia's invasion of Ukraine has exacerbated concerns about oil supplies, sending prices to record highs this year.


Salmonella bacteria have been discovered in the world's biggest chocolate plant, run by Swiss giant Barry Callebaut in the Belgian town of Wieze.


The Czech Republic will take over the rotating six-month presidency of the European Union on Friday with all eyes on Ukraine.