PayAsUGym hack exposes members' card details

" "

itness website PayAsUGym has admitted that members' financial details were stolen when one of its servers was hacked on Thursday.

The discovery was made by security experts who found partial card numbers and home addresses on a public website.

The company acknowledged there had been "confusion" over earlier claims that it did not hold any card details.

Security expert Troy Hunt advised customers to cancel their credit card if they think details have been stolen.

PayAsUGym, which sells passes for gyms around the UK, alerted its members to the security breach in an email on Friday which said "one of the company's IT servers was accessed by an unauthorised person".

While it said email addresses and passwords were accessed, it claimed "we do not hold any financial or credit card information".

The company said 300,000 customers details had been stolen.

Partial card details

However, several customers' credit card details - including 10 digits of their card number, the expiry date and their home address - appear to have been published online.

Once alerted by BBC News, PayAsUGym chief executive Jamie Ward said "we didn't consider" that PayAsUGym holds partial credit card details.

He said customers could contact PayAsUGym directly to find out the exact information they hold.

He added: "We've been completely clear with every customer that has contacted us since our original statement on what we hold."

Security expert Mr Hunt, who tracks breached websites, said he came across several people's details online.

Mr Hunt said: "If it was me, and that information was public, I would cancel the card straight away."

Posted in: