Total Fitness Exposes 500k Images of Members & Staff


Cybersecurity researcher Jeremiah Fowler discovered a non-password-protected database containing 474,651 images belonging to Total Fitness, a health club chain with 15 locations across North England and Wales.

The database, which was 47.7 GB in size, included personal screenshots, profile pictures of members and their children, and facial images of gym employees.

Some images contained highly sensitive information such as passports, credit cards, and utility bills.

Fowler reported the breach to vpnMentor, and the database was closed nearly a week later. However, it remains unclear how long the database was publicly accessible or if anyone else gained access.

Potential Risks and Concerns

The exposed images raise serious privacy concerns, especially in the age of artificial intelligence (AI) and facial recognition technology. Criminals could use these images for impersonation, fraud, blackmail, or other malicious activities.

Fowler highlighted the risks of AI-generated deepfakes, which can be used to create compromising or sexually explicit content involving the victim’s likeness.

The UK’s National Crime Agency (NCA) has already issued warnings about the rise in financial sextortion schemes targeting underage children.

The breach underscores the need for companies to implement robust data security measures to protect the personal information of their members and employees.

This image shows a screenshot of a member’s account that displays PII, including account ID number, name, email address, phone number, and home address.

Total Fitness’s Response

Total Fitness has taken steps to address the issue, including conducting a full audit of all member images and notifying the Information Commissioner’s Office (ICO).

The company stated, “We are communicating to all members whose images we have identified, and such images have been removed.”

They emphasized their commitment to protecting their members’ privacy and ensuring such incidents do not recur.

Fowler commended Total Fitness for their professionalism and responsibility in handling the data incident.

This breach is a stark reminder of the importance of data security and the potential risks associated with exposed personal information.
