Elixia fitness chain confirms data breach exposing customer names and contact details

The Finnish fitness chain Elixia has confirmed a data breach in which customer names and contact details were exposed, according to a company statement reported by national broadcaster Yle.

Elixia, owned by the SATS Group, announced on Wednesday that its parent company had fallen victim to a cybersecurity incident. Authorities have been notified after the breach was confirmed, following initial suspicions last week of unauthorized access to SATS’ IT systems.

The attackers gained access to a file server using shared storage, where documents containing gym members’ names and contact information were stored. However, the company stressed that its membership system—holding credit card details, passwords, and photos—remained secure.

Elixia also suspects that some employee personal data may have been compromised. All gym locations continue to operate normally despite the incident.