Belgian Sports/Fitness Chain Allegedly Breached Exposing 105K Customer Records With IBAN Data

Summary

A threat actor named 'shabat' claims to have breached ANIMO, a Belgian sports/fitness chain, and is selling a database of approximately 105,000 customer records. The exposed data includes sensitive personal and financial information such as IBANs, BICs, tax IDs, dates of birth, contact details, and account balances. The attacker is offering tiered pricing ($90 per 1,000 records or $8,500 for the full dataset) on underground forums.

Full text

Breach Report · Belgium Belgian Sports/Fitness Chain Allegedly Breached Exposing 105K Customer Records With IBAN Data A threat actor claims to be selling a customer database from a Belgian sports/fitness business (gym branding visible in the post as “ANIMO”), advertising it as containing 105,000 customers with full IBAN banking details. The seller is offering tiered pricing with $90 per 1,000 customers or $8,500 for the full dataset. Post details Actor(s)shabat SectorSports / Fitness (gyms) TypeData Sale FormatJSON Price$90 per 1K customers / $8,500 for full database Records~105,000 CountryBelgium Date06/05/2026 Compromised data Customer ID and customer number First name, last name, date of birth, age, gender Customer status and card number Street, house number, ZIP, city Email address Private and mobile telephone numbers Account amount and consumption credit balance Later sale balance Last check-in time IBAN and BIC banking details Account holder name Tax ID Campaign name and image URL Screenshots 01

Indicators of Compromise

• malware — shabat

Entities