Bodybuilding

Bodybuilding.com Reports Security Breach Affecting Customer Data

Bodybuilding.com has disclosed a security breach that impacted its information technology systems and potentially compromised customer data. The breach was attributed to a phishing email received in July 2018, which ultimately led to unauthorized access to the company's network by February 2019. The company publicly disclosed the incident on April 19, 2019, after completing its investigation on April 12, 2019.

Details of the Security Breach

The breach affected more than 4.4 million customers, with personal details potentially exposed. However, Bodybuilding.com has confirmed that no Social Security numbers or credit information were accessed during the incident. The unauthorized access was traced back to a phishing email received in July 2018, which allowed hackers to infiltrate the company's network by February 2019.

Customer data was stored in a third-party application, which was involved in the breach. Despite the compromise, no credit card information was leaked. The breach highlights the risks associated with customer-support systems and the vulnerabilities that can arise from third-party applications.

Timeline of Events

The security breach was detected on July 30, 2025, after it had occurred on July 28, 2025. Upon detection, Bodybuilding.com took immediate action to investigate the scope and impact of the breach. The investigation concluded on April 12, 2019, leading to the public disclosure of the incident on April 19, 2019.

Regulators were notified of the breach via the Maine Attorney General, as part of the company's compliance with legal obligations. This notification was part of a broader effort to ensure transparency and maintain trust with both the public and regulatory bodies.

Impact on Customers

The breach affected a total of 4,461,511 individuals, with exposed data including names and possibly other personal details. However, Bodybuilding.com has assured customers that Social Security numbers and credit reports were not accessed during the breach. The company has not reported any fraudulent activity related to the exposed data at this time.

Customers affected by the breach are advised to monitor their accounts closely for any suspicious activity. Bodybuilding.com is taking steps to enhance its security measures and prevent similar incidents in the future. This includes reviewing and strengthening its customer-support systems and third-party application security protocols.

Looking Forward: Enhancing Security Measures

This incident marks the first major security issue for Bodybuilding.com since 2008. In response to the breach, the company is focusing on improving its cybersecurity infrastructure to safeguard against future threats. This includes implementing advanced security training for employees to recognize and respond to phishing attempts more effectively.

Bodybuilding.com is also working with cybersecurity experts to identify potential vulnerabilities within its IT systems and to develop strategies for mitigating these risks. By prioritizing security enhancements, the company aims to restore customer confidence and protect sensitive information from unauthorized access.

The breach at Bodybuilding.com underscores the ongoing challenges companies face in securing customer data and highlights the importance of robust cybersecurity measures in today's digital landscape.