The pandemic saw a huge rise in data breaches, but why have fitness companies been targeted most recently? Here’s why…

Data breaches have been on the rise since technology, like mobiles and computers, became accessible to all. That said, the greatest rise in breaches we’ve ever seen has been since the pandemic broke out. But why

COVID-19 brought about fundamental changes in the way we, as a society, conduct business. This new reliance on technology, and remote working, to achieve this is leaving businesses more vulnerable than ever.

The question is, what is the picture looking like for fitness companies? Why are they seeing a rise in cyber-attacks and breaches? To discover more, read on…

Recent Fitness Data Breaches

Since the pandemic, there have been a large number of data breaches in a variety of sectors, including health, retail and more. In terms of the fitness world, there have been a few notable breaches, including:

Total Fitness Data Breach

On 19th February 2021, the Total Fitness app sent out an email to their customers informing them of an organised cyber-crime attack. The attack exposed a subset of private data from June 2018, comprising of names, bank details, and scanned copies of membership agreements.

The email said that the compromised information “is listed in isolation and is not linked with any other identifying information such as email addresses or postal addresses.” Upon discovering the breach, their systems were immediately locked down and migrated to a ‘clean environment’. What’s more, Total Fitness explained that they were working with the relevant authorities to ensure the issue was dealt with accordingly.

MyFitnessPal Data Breach

MyFitnessPal, the popular health and fitness app, was hit by one of the biggest data breaches in history, on 25th March 2021. Cyber thieves stole data from 150 million users, including usernames, email addresses and hashed passwords.

Under Armour, who run the app, said that the majority of affected passwords were encrypted. However, they have notified users, and are encouraging all affected accounts to change their passwords.

On the subject, they said: “Once we became aware, we quickly took steps to determine the nature and scope of the issue. We are working with leading data security firms to assist in our investigation. We have also notified and are coordinating with law enforcement authorities.”

Town Sports Data Breach

Personal information of over 600,000 customers and staff of New York fitness chain, Town Sports, was exposed in September 2020. The database of information was discovered by security researcher, Bob Diachenko, and consisted of:

• Names
• Addresses
• Phone numbers
• Email addresses
• Last four digits of credit cards
• Card expiration dates
• Billing histories

Diachenko informed Town Sports on 21st September, receiving no response. However, the database was no longer accessible the next day. It’s unclear to what extent this data was accessed by malicious individuals.

Why Are Fitness Companies Experiencing More Data Breaches in 2021?

There are always going to be risks in terms of protecting customer data. That said, since the pandemic, these risks have increased tenfold. Here are some reasons why:

Reliance on Technology

Technology has brought with it a huge number of benefits for the fitness industry. For starters, mobile phones provide greater accessibility to fitness through videos and social media, which encourages people to exercise along. On top of this, many apps allow for people to track their workouts and diets, connecting with their fitness watches.

What’s more, during the pandemic, many gyms and fitness companies began to rely on phone apps to coordinate their gym throughout the pandemic. Rather than having people simply turn up to the venue, slots had to be booked in via the app to allow for social distancing.

More than ever before, we’ve relied on technology to keep us fit throughout the pandemic, but this has left us exposed to more data breaches. This means our data is exposed to any potential hackers and potentially malicious employees.

Type of Data

The type of data that health and wellness companies keep is often quite personal and intricate in nature. Fitness apps often ask for our email addresses, names, dates of birth, card details, and even our height and weight!

The sensitive nature of this data, and the fraudulent uses it divines, means it’s a popular target for hackers.

Remote Working

Although we may forget it, there are humans behind our beloved fitness apps and companies. These real people have been working throughout the pandemic to keep us connected with our fitness goals.

That said, these employees may have been working from home, potentially risking exposing sensitive client data. This may have been the case for a number of reasons, including:

• Working on an unsecure network
• Leaving laptops open for housemates and family to access
• Using work laptops for personal use
• Not having a work laptop, and having to use a personal laptop for work
• Leaving sensitive documents in their household bins

These reasons are just a small number of the many ways data may have been exposed during the pandemic due to remote working.

Hybrid Working

Hybrid working is increasing the issue, as more and more people are travelling to and from work with their work documents and devices in tow. Alternating days in the office means putting this data at more risk than ever before. So, those working for fitness companies and apps may be more at risk of exposing customer data.

What Does it Look Like for 2022?

In this article, we’ve discussed some of the latest data breaches that fitness companies and apps have experienced since the pandemic broke out. We’ve also explained some of the reasons why this might be the case.

It’s clear that our “new normal” has changed many things, but data security is more at risk than ever before. It’s important that all fitness companies work to protect their customers’ data by working with the relevant authorities, like the ICO.