MINDBODY Co Data Breach Could Impact 113.5M Users

FitMetrix, a fitness technology and performance tracking company owned by MINDBODY, has suffered a data breach that could impact 113.5 million users. The company, which builds fitness tracking software for gyms and group classes, was acquired by gym and wellness scheduling service MINDBODY earlier this year for $15.3 million.

Bob Diachenko, Hacken’s director of cyber risk research, revealed the breach was caused by several servers that were left without a password. Each record contained a user’s name, gender, email address, phone numbers, profile photos, their primary workout location, emergency contacts and more.

Diachenko added that one of the databases even contained a ransom demand note. "It appears that the attackers are using a script that automates the process of accessing a database, possibly exporting it, deleting the database and then creating the ransom note," he wrote.

Although Diachenko contacted the company via email a week ago to notify it of the issue, the company secured the server only after being contacted by another publication.

“We recently became aware that certain data associated with FitMetrix technology stored online may have been publicly exposed,” said Jason Loomis, MINDBODY’s chief information security officer. “We took immediate steps to close this vulnerability. Current indications are that this data included a subset of the consumers managed by FitMetrix, which was acquired by MINDBODY in February 2018, and did not include any login credentials, passwords, credit card information or personal health information.”

However, Diachenko said there was “some” health information in the data, and the publication also found several records that included the height, weight and shoe sizes of users. MINDBODY spokesperson Jennifer Saxon would not elaborate on the incident any further, but the company said it will “comply with all applicable legal obligations” in reporting the data exposure to U.S. and European authorities. However, it wouldn’t comment on whether or not it will inform customers of the security lapse.
