ASEC Blog publishes Ransom & Dark Web Issues Week 3, April 2026           Emergence of New Ransomware Groups: TiMC, BlackWater, and Lamashtu [1], [2], [3] NoName05716 Claims DDoS Attacks on South Korean Public & Private Sectors [1], [2], [3] VECT & TeamPCP Campaign: Supply Chain Attack Exploiting Global Travel Platform

European fitness giant Basic-Fit has confirmed a data breach involving unauthorized access to a central system that stores member information across multiple countries. The company disclosed the Basic-Fit data breach incident in a statement released on Monday. In the official statement, company informed that unknown hackers breached its systems and downloaded personal data belonging to members. “Today, Basic - Fit has notified the relevant data protection authority concerning unauthorized access to the system that records members’ visits to Basic -Fit clubs,” reads the statement released by European fitness giant Basic-Fit.

Basic-Fit Data Breach Detected and Contained Quickly

According to the company, the Basic-Fit data breach was identified through internal system monitoring processes. The unauthorized access was detected and stopped within minutes of discovery. Basic-Fit confirmed that it has notified the relevant data protection authority regarding the incident and has informed members whose data may have been affected. An investigation conducted with the support of external security experts revealed that some of the stored data had been downloaded during the breach. The company emphasized that it is continuing to monitor the situation closely with external specialists.

What Data Was Exposed in the Basic-Fit Data Breach

The Basic-Fit data breach involves sensitive personal information of active members across several countries. “The downloaded data concerns active members in several countries,” the company said. In the Netherlands alone, approximately 200,000 members have been impacted. The compromised data includes:

• Membership information
• Names and addresses
• Email addresses
• Phone numbers
• Dates of birth
• Bank account details

Basic-Fit clarified that it does not store identification documents of members and that no passwords were accessed during the breach. The company further noted that, based on current findings, there is no indication that the exposed data has been made publicly available or misused. “The investigation so far has not shown the data being available anywhere or having been misused. Together with external specialists, Basic - Fit continues to monitor the issue closely,” the release stated.

Centralized System Targeted

Dutch media reports indicate that the Basic-Fit data breach targeted a centralized system used to store member data from multiple countries. This system serves as a core repository for the company’s international operations. The scale of the incident extends beyond the Netherlands. Reports suggest that up to 1 million members out of Basic-Fit’s total 5.8 million memberships may have been affected across different regions. The Basic-Fit data breach is believed to have occurred recently, although an exact timeline has not been disclosed. As per regulatory requirements, the company reported the incident to the Dutch Data Protection Authority within 72 hours of identifying the breach.

Basic-Fit’s Ongoing Response

Basic-Fit claims to be the largest fitness operator and franchisor in Europe, operating in 12 countries through two brands. With more than 2,150 clubs and over 5.8 million members, the company provides fitness services at scale across the continent. In its statement, Basic-Fit reiterated that members could continue using its facilities while the company manages the fallout of the Basic-Fit data breach. The organization maintains that it is taking the incident seriously and working with cybersecurity experts to assess the full impact. The Cyber Express has reached out to Basic-Fit to obtain further details about the Basic-Fit data breach, including potential mitigation steps and long-term security improvements. However, as of the time of publication, no response has been received from the company. This remains a developing story. Further updates are expected as the investigation progresses, and more information becomes available regarding the scope and implications of the Basic-Fit data breach.

Undisclosed number of names and contact and reservation details accessed in latest cybercrime attempt

The accommodation reservation website Booking.com has suffered a data breach with “unauthorised parties” gaining access to customers’ details.

The platform said it “noticed some suspicious activity involving unauthorised third parties being able to access some of our guests’ booking information”.

Continue reading...

© Photograph: CrocusPhotography/Alamy

© Photograph: CrocusPhotography/Alamy

© Photograph: CrocusPhotography/Alamy

The Ministry of Finance cyberattack in the Netherlands has once again highlighted a growing concern: even critical government systems are struggling to stay ahead of increasingly advanced threats. While officials have moved quickly to contain the Ministry of Finance data breach, the incident highlights deeper structural challenges in public-sector cybersecurity. According to an official release, “The Ministry of Finance's ICT security detected unauthorized access to systems for a number of primary processes within the policy department on Thursday, March 19.” What makes this Ministry of Finance cyberattack particularly concerning is not just the breach itself, but the fact that it affected systems tied to “primary processes”—a term that signals operational significance rather than peripheral infrastructure.

Ministry of Finance Cyberattack: What Happened

The Ministry of Finance cyberattack came to light after a third party flagged suspicious activity, prompting an internal investigation. Security teams confirmed unauthorized access to several internal systems within a policy department. In response, authorities acted swiftly, blocking access and taking compromised systems offline. While this rapid containment is commendable, it also raises a critical question: why was external notification required in the first place? In mature cybersecurity environments, internal detection mechanisms are expected to identify anomalies before third parties do. The ministry clarified that services provided to citizens and businesses—particularly those linked to taxation, customs, and benefits—remain unaffected. However, the disruption to internal operations has impacted some employees, though the scale remains undisclosed. At this stage, officials have not confirmed whether sensitive data was accessed or exfiltrated. No threat actor has claimed responsibility, and investigators are still working to determine the entry point and intent behind the intrusion.

A Pattern of Cyber Incidents in the Netherlands

The Ministry of Finance cyberattack does not exist in isolation. It is part of a broader pattern of cybersecurity incidents affecting Dutch government institutions in recent months. A notable case involved the Dutch Custodial Institutions Agency (DJI), where a data breach exposed employee information, including email addresses, phone numbers, and security certificates. Reports suggest attackers may have maintained access to DJI’s internal systems for up to five months—a duration that points to gaps in detection and response capabilities. The breach was linked to a vulnerability in Ivanti Endpoint Manager Mobile, a widely used platform for managing enterprise devices. The same flaw also impacted other institutions, including the Dutch Data Protection Authority and the judiciary. In that case, attackers reportedly had the ability not only to access data but also to remotely control or wipe devices, an escalation that moves beyond data theft into operational disruption.

Why the Ministry of Finance Cyberattack Matters

The significance of the Ministry of Finance cyberattack goes beyond immediate disruption. It highlights three critical issues:

• Detection Gaps: The reliance on third-party alerts suggests that internal monitoring systems may not be fully optimized.
• Attack Surface Complexity: Government systems, often layered and legacy-heavy, present attractive targets with multiple entry points.
• Persistent Threat Actors: The DJI case shows attackers are willing—and able—to maintain long-term access without detection.

These factors combined indicate that cybersecurity is no longer just a technical issue but a governance challenge.

Government Response and the Road Ahead

Authorities have stated, “We will update this message when we can share more information.” While this cautious communication is understandable, transparency will be key in maintaining public trust—especially if sensitive data exposure is later confirmed. State Secretary Claudia van Bruggen acknowledged the seriousness of recent incidents, emphasizing the government’s responsibility to protect its workforce. At the same time, officials have reassured that there is no immediate danger to affected personnel. Still, reassurance alone is not enough. The Ministry of Finance cyberattack should serve as a catalyst for systemic improvements, ranging from stronger endpoint security to real-time threat detection and zero-trust architecture adoption.

The Netherlands’ largest newspaper, De Telegraaf, recently published an interview with a woman claiming to organise her own evacuation flights from Dubai, selling seats at €1,600 (US$ 1850) each. Four days later, her photo was removed from the article, though the interview remained.

Bellingcat has found that the original image not only includes artefacts commonly associated with generative AI, but that the flights referenced in the article do not appear to exist.

The story came at a time when thousands of Dutch people were reportedly seeking urgent ways to leave the region following Iranian missile and drone strikes across the Gulf in retaliation for US-Israeli strikes.

Published on De Telegraaf’s website on March 5, the headline reads: “Dutch people in the Middle East feel abandoned by the government: We just rented a plane ourselves.”

The Dutch minister of foreign affairs was confronted with this headline during a television interview, in which he described ongoing efforts by the Dutch government to repatriate citizens to the Netherlands.

The article features interviews with several Dutch people struggling to leave Dubai and Abu Dhabi, including Tamara Harema. Under the subheading “Dutch people hire their own plane”, Harema says she was “rebooked five times by Emirates” and that the official repatriation flights organised by the Dutch government were not ‘taking off’.

As part of a group, she says, they are organising buses and have hired an Airbus A321 to fly home. Harema is quoted as saying: “The first plane is already full, so we’re organising a second flight. Stranded travellers can contact us.”

However, several discrepancies in Harema’s photo, published in the original article, suggest it was AI-generated. No trace of a person matching Harema’s face or profile could be found, and flight-tracking data suggests no such plane took off.

The Photo

In the image below, the world’s tallest structure, Burj Khalifa, can be seen through the window overlooking the Dubai skyline. Each side of the tower is unique, with platforms that protrude at different heights and in different directions. It also contains several mechanical floors, which appear as dark bands in the photo.

By cross-checking the height of the visible platforms together with the location of the mechanical floors, it’s possible to determine that Harema’s hotel room faces north-west, towards the Burj Khalifa’s south-east-facing facade.

Several discrepancies are visible when comparing Harema’s photo with other images of the building, including an upper mechanical floor appearing higher than in other images and the absence of the water feature at the base of the building.

To establish whether Harema’s photo could have been taken several years earlier, Google Street View imagery was analysed from 2013 onwards. No match could be found when comparing the arrangement of buildings at the base of the Burj Khalifa.

Several other irregularities, as shown below, including the hotel room furniture and details of Harema’s clothing and jewellery, also suggest it may have been AI-generated.

Fully Booked Airbus A321

Regarding whether the plane existed, Harema says in her interview that buses have already been arranged to collect passengers from two locations in Dubai on Saturday, March 7, after which a 232-seater Airbus A321 will depart from Muscat, Oman, for the Netherlands.

The article notes the cost is €1,600 (US$ 1850) per person, without detours. “Although we read that a Dutch repatriation flight costs €600, just try getting on such a flight,” says Harema.

According to Flightradar24, multiple A321s departed Muscat on March 7 and 8, but none bound for the Netherlands. The only aircraft that did arrive in Amsterdam from Muscat were either government-organised repatriation flights or scheduled Oman Air services, none of which were Airbus A321s.

Two Airbus A321s were recorded on the ground at Muscat Airport on March 7. One, belonging to Gulf Air, later departed for Rome via Riyadh March 8. The other, operated by SalamAir, had been flying routes between Oman and Bangladesh until March 3, but has since remained in Muscat.

After contacting De Telegraaf, an explanation for the photo’s removal was added at the bottom of the article, stating that the photo did “likely not meet our journalistic guidelines.”

The newspaper’s deputy editor-in-chief, Joost de Haas, added:

“Regarding the quoted Tamara Harema, the editors contacted her after Mr. Chizki Loonstein—a long-standing source for one of our reporters—informed us about attempts to charter a plane. Mr Loonstein informed us that Ms Harema stayed in Dubai and could tell us more about it. This led to messages from which several quotes from Harema were extracted, as reproduced in the relevant passage of the article.”

A search for Loonstein led to a six-month-old report from another Dutch newspaper, NRC, which claimed that Loonstein, a lawyer, emigrated to Dubai after his legal company went bankrupt, leaving his clients, victims of fraud, worse off.

Contacted for comment, Loonstein confirmed that he knew Harema and had shared her contact details in “an app group” in relation to a flight from Muscat to Amsterdam. After this contact, Bellingcat sent him the photo of Harema to confirm her identity and asked him to share Harema’s contact details. In response, Loonstein refused to provide further comment. 

---

Merel Zoet and Claire Press contributed to this report.

Bellingcat is a non-profit and the ability to carry out our work is dependent on the kind support of individual donors. If you would like to support our work, you can do so here. You can also subscribe to our Patreon channel here. Subscribe to our Newsletter and follow us on Bluesky here, Instagram here, Reddit here and YouTube here.

The post AI Used to Promote Non-Existent Evacuation Flights From the Middle East appeared first on bellingcat.

Countries around the world are becoming increasingly concerned about their dependencies on the US. If you’ve purchase US-made F-35 fighter jets, you are dependent on the US for software maintenance.

The Dutch Defense Secretary recently said that he could jailbreak the planes to accept third-party software.

Police in The Netherlands say they have arrested a 40-year-old man on suspicion of hacking... after police officers accidentally sent him a link granting him access to their own confidential documents Read more in my article on the Hot for Security blog.