Updates on the data breach

Dear Members & Partners,

On March 26, 2024, we became aware of a data protection incident. We cannot rule out that personal data was accessed via specific URL links. This may include names, email addresses, photos, and member check-in data.

Upon becoming aware of this, we took immediate action. The breach has been closed since March 27, 2024. Our team is working tirelessly to further investigate the incident, its scope, and its impacts. Therefore, we have additionally engaged two companies specialized in IT forensics and IT security.

Following our initial intensive investigations, No PayPal, debit card, or credit card information of our members has been affected. To the best of our current assessment, these are older data sets. Additionally, we have determined with near certainty that passwords are not part of the data leak. Members and partners who joined Urban Sports Club after September 16, 2020, are also not affected by the incident. All affected members have been successfully identified.

We have reached out to all affected current and former members via email and informed them about which specific data were part of the incident. As a precautionary measure, all members who joined after September 16, 2020, were also being informed that their data were not affected by the data breach.

The data leak was an individual human error and not a successful hacker attack.

The incident does not affect the current Urban Sports Club Cloud network or current Urban Sports Club databases. Instead, the misconfiguration occurred in an old folder with backup files within a no longer utilized cloud environment, where settings were not properly set. Regrettably, this allowed external access to the data from outside the company.

Our current Urban Sports Club Cloud did not need to be changed at any time as it is secure.

We truly regret that this incident occurred.

The relevant authorities, our members, and partners have been informed about the incident. 

As soon as we have further insights, we will inform and update this page.

If you have any questions, please check our Frequently Asked Questions or contact us via this form.

Update April 17, 2024: Our investigations into the incident are ongoing. Initially, it was believed that a VPN was misconfigured, but it has now been revealed that the settings on a folder in a no longer used cloud environment were incorrect.

Frequently Asked Questions

The gap has been closed since March 27. If you were affected by the data leak according to our current state of knowledge, you have received an email from us.

Regardless of the incident, we recommend changing your password at regular intervals. Information on creating a password can be found on the website of the German Federal Office for Information Security (BSI).

We ask you to be particularly vigilant in the near future. Regardless of the incident, we recommend that you change your password at regular intervals. You can find new developments about the incident on our blog.

Based on our current knowledge, those affected have received information about which personal data is affected by the data leak.

The incident does not affect the current Urban Sports Club Cloud Network or current Urban Sports Club databases. Instead, it concerns the backup files in a cloud environment that is no longer in use. Nevertheless, we are taking this as an opportunity to carefully review our entire IT security infrastructure and processes once again.

Based on our current knowledge, we informed those affected by e-mail. If you are not included, you are not affected.

Almost certainly not.

The incident concerns the settings in an old folder with backup files in a cloud environment that is no longer used. Unfortunately, this made it possible to access the affected data from outside the company.

According to our findings on the Internet.

We as Urban Sports Club have no information on this.

Would you like to know more about our corporate sports offer?