A series of high-profile data breaches at major European companies has prompted fresh concern about corporate cybersecurity, after fitness chain Basic-Fit, Dutch telecom operator Odido, and travel platform Booking.com all disclosed significant unauthorised intrusions within a short period. The incidents have exposed the personal and financial data of millions of customers across the continent.

Basic-Fit, a large European gym chain with operations across several countries, revealed on Monday that hackers gained unauthorised access to its member check-in system on 8 April. Although the breach was blocked within minutes of detection, a portion of customer data had already been downloaded. The compromised information was extensive, encompassing names, email addresses, home addresses, phone numbers, bank account details, dates of birth, and membership information such as visit schedules and recent club activity. The company has reported the incident to the Dutch Data Protection Authority and says it has found no evidence that the stolen data has been published or made available online. Around 200,000 Dutch customers are believed to have been affected.

By comparison, the earlier breach at Odido — the Netherlands' third-largest mobile network — was far larger in scale, affecting some 6.5 million people. That attack has been attributed to Shinyhunters, a well-known hacker group that typically exploits human error to compromise employee accounts with broad access to customer databases. The methods behind the Booking.com and Basic-Fit breaches remain unclear, and no direct link between the three incidents has been established.

Cybersecurity experts caution against viewing the recent cluster of announcements as evidence of a sudden surge in attacks.