It has been reported in the UK media that Total Fitness suffered a data breach in June 2024. It arose when a public database was discovered that contained over 400,000 images of men, women and children.
The breach is said to have impacted personal data relating to its members and staff. Although the extent of the damage is not yet known, there is the potential for significant numbers of people to have been affected.
If you’re a Total Fitness member or employee and are worried about the situation and want advice on your legal rights, we can help.
Here at Legal Expert, we have a team of specialist data breach solicitors who can check for free if you’re eligible to claim compensation.
You can speak with us now by:
- Calling 0800 073 8804
- Or messaging us now via our live chat or WhatsApp chat
What Is The Total Fitness Data Breach?
In June 2024, it was reported by The Register that Total Fitness had exposed approximately 474,000 images of its members and employees in a database that was accessible to the public. This database did not have any password protection features.
Attached to some of these images were pieces of personal data that could be used to identify individuals. We explain more about the affected data below.
It is understood that Total Fitness has reported the incident to the Information Commissioner’s Office (ICO). Total Fitness has yet to make a public statement on the matter.
It should be noted that this breach is different from one that occurred in 2021.
What Data Was Affected?
In addition to images, the 2024 Total Fitness data breach was said to involve documents that can identify individuals—likely to be names and email addresses, though Total Fitness has not confirmed this.
The exposed information was also said to include phone numbers and reportedly bank account information.
In the cases of employees, it’s suspected that some immigration records may have been exposed too.
The images that were found in the publically available database were said to be membership photos showing faces. Personally identifiable information (PII) was attached to some of these images.
Who Did The Data Breach Affect?
It has been estimated that around 97% of the individuals affected were members, suggesting that the remainder of those impacted were employees.
While Total Fitness has not confirmed how many people were impacted, it has around 100,000 members and the database contained over 474,000 images. These images are of men, women and children.
What To Do If You’re Worried Or Have Been Impacted By The Total Fitness Data Breach?
Total Fitness has an obligation under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 to inform affected individuals. They should do this in the form of a data breach notification letter. This can also come in the form of an email.
This letter should confirm that you’ve been impacted by the recent Total Fitness data breach, what data was impacted, and what steps they are taking to secure it.
If you have not received a letter, you can reach out to Total Fitness and ask them to confirm.
Should I Report The Breach To The Information Commissioner’s Office (ICO)?
You do not need to report the breach to the Information Commissioner’s Office (ICO) right away. Total Fitness has notified the ICO already, it has been reported. This means they’re aware of it and are investigating.
If you make a complaint to Total Fitness about the data breach and they do not respond to you within 3 months, you can raise the issue with the ICO and complaint to them directly.
What Other Steps Can I Take?
Being involved in a data breach can be distressing. However, you can take some steps to secure your personal information:
- Keep an eye out for any suspicious calls, emails or text messages. If you don’t recognise who they are, err on the side of caution
- Speak with your bank. They will have procedures in place for those impacted by data breaches. They could help you secure your data.
- Keep an eye on your credit rating. If you notice any sudden changes, then somebody could be trying to take out credit in your name using the personal information they have about you
How Have Total Fitness Responded?
Total Fitness has not made a public statement, though they have given a comment to The Register. The company stated that it had conducted a forensic examination and identified at least 114 images that had personally identifiable information attached to them.
They have also stated that they have seen no evidence of anyone accessing the files, though it is believed the database has been accessible since March 2021.
It has notified the ICO of the breach, though no comment was made as to whether affected individuals have been informed.
How Legal Expert Can Help You Claim Compensation
If you would like to check if you could make a Total Fitness data breach compensation claim, we offer a free case consultation.
Here at Legal Expert, our team of data protection solicitors are well-versed in these types of cases. They understand the claims process and how to accurately value claims.
In order to make a data breach claim, you will need to prove:
- That you were impacted by the data breach. This can be done by providing a copy of the data breach notification letter.
- That as a result of the breach, you suffered damage either to your mental health or to your finances
If we can see that you’re eligible to make a Total Fitness data breach claim, we can offer to represent you on a No Win No Fee basis.
This means that you do not need to pay any fees upfront to make the compensation claim. You will only pay us a fee for our legal costs if your case is successful. The amount we deduct is capped by law and will be explained in clear terms before the case begins.
Speak With Us About The Total Fitness Data Breach And Compensation Claims
If you’d like to speak with us now about a potential Total Fitness data breach compensation claim, get in touch with us today.
Our helpline is open 24 hours a day, and you can speak with us now by:
- Calling 0800 073 8804
- Or messaging us now via our live chat or WhatsApp chat