78709

Ransomware group KillSec has been reported to have as having hacked gym management software provider on Clubfit Software.

As reported by CyberDaily, the ransomware gang Clubfit Software as a victim on its darknet leak site earlier this month, claiming to have uploaded 1% of the data it claims to have stolen, which amounts to an archived file totalling nearly 200 gigabytes in size.

In a 24th November leak post KillSec advised “one per cent of data is published”, before linking to a file hosting site and advising of further posts.

CyberDaily added that the gang also shared several files as evidence of their alleged activity, including several gym membership agreements with customer names, addresses, phone numbers, emails, and emergency contact numbers. Many of the documents also appear to include signatures.

KillSec did not mention a ransom amount or a deadline to pay but does offer some payment information.

In a later update on the incident, KillSec added “company can pay for data deletion, and non-company related individuals may contact us to reach an agreement for data purchase.”

It went on to advise “message to the company: We are beginning to contact your clients and the sub-clients of your clients regarding the data leak, and we will publish everything on our blog,” the most recent update said.

The recently published full client list has 694 gyms, aquatic and recreation centres, boxing gyms and other fitness centres, including Anytime Fitness and several other well-known fitness franchises, alongside smaller operations.

KillSec began operations in October 2023 and rebranded itself as a ransomware-as-service operation in June 2024. According to its own description, KillSec is a “prominent hacktivist group operating in the cyber realm, operating since 2023”.

Clubfit Software provides a cloud-based gym management solution that tracks “payments, reporting, access control, marketing, statistical analytics, point of sale and much more”, according to the company’s website.

Several clients are listed on Clubfit Software’s website, including Input Fitness Health Club, All Aerobics Fitness and Valhalla Strength.

Industry operators including the Australian Sports Commission, Funlab, Life Saving Victoria, Raging Waters Sydney and YMCA NSW have been targeted by ransomware attacks in recent years.

Image credit: Shutterstock.

Related Articles

15th October 2024 - Funlab targeted in ransomware attack

16th July 2024 - ‘Nullbulge’ hackers claim to have carried out major cyber attack on Disney

11th July 2024 - Gymdesk secures $32.5 million to expand its fitness software platform

1st July 2024 - Envibe software boosts access to Manawatū District Council facility events

26th June 2024 - Investigators detail how hackers allegedly gained access to Ticketmaster data

24th May 2024 - Clubfit Software announces acquisition of EZeMember

26th March 2024 - GoXPro’s new Semi-Private Coaching software allows personal trainers to boost session revenue

28th February 2024 - EGYM and Virtuagym partnership delivers integration of club management software

13th February 2024 - Ticketek hack sees ‘thousands’ of Australian Taylor Swift fans with fears over stolen tickets

7th February 2024 - Xplor Technologies announces acquisition of fitness software platform Membr

16th March 2023 - Raging Waters Sydney impacted by ransomware attack

13th July 2021 - Clubfit Software offers innovative solution for member management

11th December 2019 - Kate Palmer apologises for ‘unauthorised access’ following Sport Australia email hack

16th August 2019 - YMCA NSW locations impacted by ransomware attack

---

Support our industry news service
We hope that you value the news that we publish so while you're here can we ask for your support?

As an independent publisher, we need reader support for our industry news gathering so ask that - if you don't already do so - you back us by subscribing to the printed Australasian Leisure Management magazine and/or our online news.

Click here to view our subscription options.