Training in the gym: Many thousands of check-ins were freely accessible online

Photo: Oliver Berg/dpa

Data from thousands of Urban Sports Club members was online without password protection and accessible to anyone who knew the location. A spokesman for the Berlin Commissioner for Data Protection and Freedom of Information confirmed SPIEGEL's information to that effect upon request.

"According to this, a customer database, photos of identification documents and data from visits to the participating sports facilities were publicly accessible," said the spokesman. This was confirmed and an official investigation was initiated. Urban Sports Club has been asked to comment on the incident.

The company itself announced that it had learned on March 26th "that we had a data protection incident. We cannot rule out that personal data was also accessed via specific URL links. At the moment we cannot provide any further information about the exact extent of the incident." However, it said it had responded immediately. The gap had been closed since March 27th, and the responsible authorities had been informed. According to the spokesman for the data protection officer, the company had "not yet reported a data breach" as of Thursday afternoon.

The financing round brought Urban Sports Club 95 million euros

An anonymous whistleblower said in an email to SPIEGEL that he had discovered photos of ID cards, passports and several files with around 50,000 items of customer data such as names, addresses, telephone numbers and emails in a freely accessible cloud storage. Another 8,000 files contained hundreds or even thousands of members' "check-in data", i.e. who was in which sports facility and when. The data was public for several years. At least some of it has also been offered in a darknet forum since June 2022.

The mishap could have consequences for the company. The spokesman for the data protection officer explained: "In principle, the supervisory authorities have various means at their disposal in the event of violations of the General Data Protection Regulation, ranging from a warning for minor violations to fines for repeated or serious violations."

The statement from Urban Sports Club on Thursday said: "Our members and partners were informed about the incident today." The company said it was working "with great intensity on the clarification."

According to current reports, Urban Sports Club has more than 100,000 members. The investors in the start-up, founded in Berlin in 2012, include the venture capital firm HV Capital and ProSiebenSat1. Last December, the company closed a new financing round of 95 million euros.