Cybersecurity issues faced by gyms and how to protect customer data

Nearly every industry, business, or establishment is at risk of a data breach. The fitness industry is no different. Increasingly, gyms and fitness institutions using apps to communicate with clients are targeted.

With personal information easily accessible online and an increasing reliance on technology, there is always a risk of a security breach. Because of this, businesses are urged to protect their customers' personal information through a strengthened cybersecurity set-up.
The unsecured PumpUp customer data incident
The popular fitness app PumpUp, which claims over six million users, was leaking private and sensitive data via private messages between users. The Canada-based company provides a social hub for fitness devotees, allowing subscribers to access workouts as well as track and record their health.
Last year, the company exposed sensitive personal data, with millions of subscribers’ health records and details leaked via an unsecured server hosted on Amazon’s cloud. Each time a user sent a message to another user, the app exposed user profile data along with the contents of that message.
Along with health records and details, the leak also exposed the location and time zone of the user, profile photos, and email addresses. Alarmingly, subscribers who used Facebook to log in to the app also left traces of their information out in the open, leaving their Facebook profiles exposed. In some cases, credit card information including numbers, expiry dates, and card verification numbers was found encrypted in the leaked information.
Security researcher Oliver Hough contacted business tech website ZDNet about the exposed server, and ZDNet carried out investigations and notified PumpUp. They spent over a week trying to inform the company of the breach but were met with non-compliance until the server was eventually secured.
How hackers use personal data
Understanding the motives of hackers is the first line of defense in protecting your personal data from being infiltrated. Data breaches like the PumpUp incident are generally a means for hackers to steal personal identification. They are then able to use this information to break into private accounts, attempt to steal identities, or leak confidential information.
This type of identity theft allows attackers to exploit your personal details and even go as far as to hold your information for ransom. For hackers, breaching personal data is an easy and opportunistic means of making money. Hacking is big business, with stolen data having been used in the past to file fraudulent tax rebates, set up phony businesses, and even steal infrastructure.
Here’s a quick look at some of the most common motivations and ways hackers use personal data in addition to the above:

  • Data ransom: Ransomware attacks are one of the fastest-growing types of cyber attacks. Hackers gain unauthorized access to data through corrupt files or links that a user clicks to download. To enable the ransomware, the hacker locks you out of your operating system and demands a fee or a ransom to unlock it. This type of attack is motivated by financial gain, and often also by a desire to cause fear, to manipulate cryptocurrency, or to create misdirection that hides the attackers' tracks from additional crimes.
  • Phishing: In this scam, hackers breach personal data by posing as an establishment such as a bank or government institution and urging the user to click a link and enter personal information, which is then used to steal identities and personal information such as credit card details.
  • Because they can: One of the main reasons hackers gain and use personal data is simply because they can. Some hackers breach data to prove that they can do it and to boast to fellow hackers or friends.

Importance of retaining customers for gyms
There are a few reasons gyms should focus on member retention. For one, it’s cheaper. Experts estimate that it can cost as much as five times more to attract and recruit members than it does to retain existing members. Having a solid foundation of loyal members increases a gym’s reputation, which makes it more inviting for new members to join. Investing in your existing client base ensures they feel satisfied and cared for, which increases the chances of them leaving positive reviews and drawing in referrals.
How to prevent a data breach of your gym
Both clients and potential clients need to know their personal information is safe. Joining a gym generally requires clients to fill out a membership form which includes personal details such as their name, address, height & weight, email address, and health records. This sensitive information should be completely confidential once in possession of the gym.
To prevent a data breach of your gym, it’s wise to develop a strengthened security system along with an action plan to follow in case a security breach occurs. Despite the lack of clear guidelines regarding security in the health & fitness industry, businesses have a moral duty to do what they can to protect their clients and reputation.

Developing a cybersecurity plan can potentially prevent an attack from occurring. Gym and business owners can do this by: 

  • Educating employees about cybersecurity risks: Teaching your employees about the different threats and potential risks of cyber-attacks can help them to be aware of the signs. Gym or business owners can warn employees against opening unusual links or accessing unfamiliar websites.
  • Restricting access to websites: By limiting what sites your employees can see and visit, you reduce the risk of someone accidentally accessing a webpage with malicious links.
  • Frequently updating employee passwords: Send a reminder email or memo every couple of months prompting employees to change their password. Ensure your intranet prompts users for multi-factor authentication.
  • Using security systems such as anti-virus software: Installing anti-virus software, anti-malware, and firewalls can safeguard against any potential threats to your operating system.
  • Protecting client information: Ensure that your gym follows the Australian Privacy Act and takes reasonable steps to keep personal information secure.
  • Hiring an IT expert: Hiring a professional can be a great asset to a business, particularly if employers/employees aren’t tech-savvy. An IT professional can take proactive action if a cybersecurity threat is apparent and can help a business keep information secure.

Upgrade your cybersecurity setup to protect your gym
Maintaining client happiness is one of the most important aspects of running a gym, so it’s imperative that their personal information is safe and protected. If you are looking to upgrade your cybersecurity setup in order to minimise the risk of a breach, contact Kiandra IT today.