Club Industry is part of the Informa Markets Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

MINDBODY confirms limited data breach Photo by matejmo / Getty Images.
MINDBODY, San Luis Obispo, California, purchased Atlanta-based FitMetrix in February 2018 for an undisclosed amount.

MINDBODY May Have Experienced a FitMetrix Data Breach, Has Re-secured Platform

No personal health data or FitMetrix account credentials were exposed in the since-secured data sets, MINDBODY's chief information security officer told Club Industry, despite the claims of a security researcher who discovered the possible breach on Oct. 5.

A data subset of the consumers managed by digital fitness tracking platform FitMetrix may have been publicly breached online, MINDBODY confirmed with Club Industry on Oct. 11. No personal health data or account credentials were exposed, the company said, and FitMetrix's data sets have since been re-secured.

MINDBODY, San Luis Obispo, California, purchased Atlanta-based FitMetrix in February 2018 for an undisclosed amount.

"Current indications are that this data included a subset of the consumers managed by FitMetrix ... and did not include any login credentials, passwords, credit card information or personal health information," Jason Loomis, MINDBODY's chief information security officer, told Club Industry. "MINDBODY takes the privacy and security of our customer and consumer data seriously, and we will leverage this incident to continuously improve our security posture."

On Oct. 5, security researcher Bob Diachenko alleged he found three unprotected FitMetrix servers that were exposing consumer data such as users' names, genders, email addresses, phone numbers and primary workout locations. Diachenko refuted Loomis' statement about the exposure of personal health information, according to an Oct. 11 report by TechCrunch, which claims that data regarding weight, height and shoe size was publicly uncovered.

Loomis told Club Industry that MINDBODY took "immediate steps" to close all vulnerabilities within the FitMetrix platform.

"FitMetrix’s powerful and intuitive tools help our customers drive results and retention while providing their clients with a fun and unique approach to fitness,” MINDBODY CEO Rick Stollmeyer said of FitMetrix in a Feb. 20 media release. “Interactive engagement is the future of fitness, and we see some of our most successful customers integrating performance tracking technology into their studios.”

FitMetrix is one of several companies recently acquired by MINDBODY. The other companies included Lymber Wellness and Booker Software.

MINDBODY recently reported 40 percent growth in its 2018 second quarter revenue.

TAGS: Vendors
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.