Movati Athletic is asking many of its clients to reset their passwords after a system hack compromised 13,000 email addresses and passwords.
The fitness company sent an email to select clients on Thursday, June 2, 2016, notifying them that an unauthorized individual had accessed an email database. The breach is said to be limited to email addresses and passwords, but the company said the information could potentially be used in future phishing email scams or to gain access to other personal information. The information in question was not encrypted.
"We feel it was our duty and responsibility to inform you and make you aware of the steps to be taken to address this situation," Movati Athletic's CEO Chuck Kelly said in the email.
The breach was discovered on May 25th, and a cyber security team was alerted to this activity. Movati Athletic said the database was used for accessing an old version of a group fitness class schedule application.
"We have notified Toronto Police Services and the Ontario Information and Privacy Commissioner's Office," the email read.
'We have undertaken additional cyber monitoring. We are also in the process of augmenting our security protocols and system integrity."
Anyone who received an email from Movati Athletic or is concerned about their personal information is asked to reset their password used to enter the protected sections of the gym's website.