iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Alleged hack on gym management software provider Clubfit Software could impact gyms across Australia.
The KillSec ransomware gang has listed Australian gym management software provider Clubfit Software as a victim on its darknet leak site overnight.
The gang has already uploaded what it says is 1 per cent of the data it claims to have stolen, which amounts to an archived file totalling nearly 200 gigabytes in size.
“One per cent of data is published,” KillSec said in a 24 November leak post, before linking to a file hosting site and adding that the post will be updated in the days to come.
The gang also shared several files as evidence of their alleged activity, including several gym membership agreements with customer names, addresses, phone numbers, emails, and emergency contact numbers. Many of the documents also appear to include signatures.
KillSec does not mention a ransom amount or a deadline to pay but does offer some payment information.
“Company can pay for data deletion, and non-company related individuals may contact us to reach an agreement for data purchase,” KillSec said in its first update on the incident.
Cyber Daily has contacted Clubfit for comment but has yet to receive a reply.
Since then, KillSec has uploaded a full list of Clubfit’s clients, as well as another dump of 1 per cent of the data. The ransomware gang has also begun to contact Clubfit’s clients.
“Message to the company: We are beginning to contact your clients and the sub-clients of your clients regarding the data leak, and we will publish everything on our blog,” the most recent update said.
The recently published full client list has 694 gyms, leisure centres, boxing gyms, and other fitness centres, including Anytime Fitness and several other well-known fitness franchises, alongside smaller operations.
Cyber Daily has contacted some of the listed clients regarding the alleged incident, such as Anytime Fitness, but has not received a response to date.
KillSec began operations in October 2023 and rebranded itself as a ransomware-as-service operation in June 2024. According to its own description, KillSec is a “prominent hacktivist group operating in the cyber realm, operating since 2023”.
“With a focus on both disruption and digital activism, KillSec embodies the complexities of modern cyber warfare, blending elements of activism with the darker facets of hacking culture,” it said.
KillSec’s most recent Australian victim was Vogue Homes.
Clubfit Software provides a cloud-based gym management solution that tracks “payments, reporting, access control, marketing, statistical analytics, point of sale and much more”, according to the company’s website.
Several clients are listed on Clubfit Software’s website, including Input Fitness Health Club, All Aerobics Fitness, and Valhalla Strength.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
