Anytime Fitness
Company Details
Linkedin ID:
anytime-fitness
Website:
Employees number:
17,439
Number of followers:
93,421
NAICS:
None
Industry Type:
Homepage:
anytimefitness.com
IP Addresses:
0
Company ID:
ANY_8185872
Scan Status:
In-progress
Anytime Fitness Company CyberSecurity Posture
anytimefitness.com
Anytime Fitness is the healthiest franchise opportunity on the planet. As the fastest-growing fitness franchise in the world, Anytime Fitness helps more than three million members in more than three thousand gyms around the globe get to a healthier place. Recently honored as the world’s “Top Global Franchise” by Entrepreneur magazine, Anytime Fitness offers entrepreneurs a convenient and affordable recurring-revenue business model. Franchisees enjoy the luxury of being their own boss, and are given the resources and support to achieve a healthy work/life balance. Anytime Fitness is the perfect fit for entrepreneurs seeking the opportunity to run a business that has the potential to make a profound difference in people’s lives. Entrepreneur Magazine • Top 500 Franchises — 1st • Top Fitness Franchises — 1st • Fastest Growing Franchises — 10th • Top Global Franchises — 10th • Top Franchise for Military Veterans — 4th Forbes • America's Most Promising Companies — 14th • Top 20 Franchises for the Buck — 18th • #9 Best Franchises in America USA Today • Top 50 Franchises for Minorities • Top 50 Franchises for Veterans CNN Money • Top 10 Great Franchise Bets Franchise Times Magazine • #6 Fast and Serious List Club Business International | Magazine • Fastest-Growing Fitness Club in the World • #1 Fitness Franchise in the World • #4 Number of Members • #2 Revenues Star Tribune • Top Workplaces | 2011, 2012, 2013 Minnesota Business Magazine • Best Large Company to Work | 2012, 2013, 2014 G.I. Jobs • Top Military Friendly Franchise | 2010, 2011, 2012, 2013 & 2014 National Minority Franchising Initiative • Top 50 Franchises for Minorities | 2011, 2012, 2013 & 2014 IHRSA - International Health, Racquet and Sportsclub Association • Fastest Growing Fitness Club in the World WorldFranchising.com • Top 25 Franchises for Hispanics FranchiseChatter.com • #1 Best Franchise Business Model
Anytime Fitness A.I CyberSecurity Scoring
Anytime Fitness Risk Score (AI oriented)Between 750 and 799
Anytime Fitness
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
Anytime Fitness Global Score (TPRM)XXXX
Anytime Fitness
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
Anytime Fitness Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Self Esteem Brands LLC (Purpose Brands)
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: Self Esteem Brands LLC (operating as Purpose Brands) experienced a **cybersecurity incident** between **December 19, 2023, and June 6, 2024**, exposing sensitive personal data of U.S. consumers. The breach compromised **names, Social Security numbers, tax IDs, driver’s license/passport numbers, financial account details, payment card information, health records, and health insurance data**. The company settled a class-action lawsuit, offering affected individuals reimbursement for **documented losses (up to $5,000 for identity theft/fraud, $2,000 for out-of-pocket expenses)**, compensation for lost time ($80 max), and **two years of credit monitoring with $1M identity theft insurance**. The breach led to potential **identity theft, financial fraud, and reputational harm**, with the settlement fund covering administrative costs, legal fees, and payouts to victims. The incident underscores risks of **unauthorized access to highly sensitive personal and financial data**, though the company denied wrongdoing.
Anytime Fitness Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for Anytime Fitness
Incidents vs Health, Wellness & Fitness Industry Average (This Year)
No incidents recorded for Anytime Fitness in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Anytime Fitness in 2025.
Incident Types Anytime Fitness vs Health, Wellness & Fitness Industry Avg (This Year)
No incidents recorded for Anytime Fitness in 2025.
Incident History — Anytime Fitness (X = Date, Y = Severity)
Anytime Fitness cyber incidents detection timeline including parent company and subsidiaries
Anytime Fitness Company Subsidiaries
Anytime Fitness is the healthiest franchise opportunity on the planet. As the fastest-growing fitness franchise in the world, Anytime Fitness helps more than three million members in more than three thousand gyms around the globe get to a healthier place. Recently honored as the world’s “Top Global Franchise” by Entrepreneur magazine, Anytime Fitness offers entrepreneurs a convenient and affordable recurring-revenue business model. Franchisees enjoy the luxury of being their own boss, and are given the resources and support to achieve a healthy work/life balance. Anytime Fitness is the perfect fit for entrepreneurs seeking the opportunity to run a business that has the potential to make a profound difference in people’s lives. Entrepreneur Magazine • Top 500 Franchises — 1st • Top Fitness Franchises — 1st • Fastest Growing Franchises — 10th • Top Global Franchises — 10th • Top Franchise for Military Veterans — 4th Forbes • America's Most Promising Companies — 14th • Top 20 Franchises for the Buck — 18th • #9 Best Franchises in America USA Today • Top 50 Franchises for Minorities • Top 50 Franchises for Veterans CNN Money • Top 10 Great Franchise Bets Franchise Times Magazine • #6 Fast and Serious List Club Business International | Magazine • Fastest-Growing Fitness Club in the World • #1 Fitness Franchise in the World • #4 Number of Members • #2 Revenues Star Tribune • Top Workplaces | 2011, 2012, 2013 Minnesota Business Magazine • Best Large Company to Work | 2012, 2013, 2014 G.I. Jobs • Top Military Friendly Franchise | 2010, 2011, 2012, 2013 & 2014 National Minority Franchising Initiative • Top 50 Franchises for Minorities | 2011, 2012, 2013 & 2014 IHRSA - International Health, Racquet and Sportsclub Association • Fastest Growing Fitness Club in the World WorldFranchising.com • Top 25 Franchises for Hispanics FranchiseChatter.com • #1 Best Franchise Business Model
Loading...
Anytime Fitness Similar Companies
Norman Smile Center is Norman's premier destination for all of your dental needs. Dentists Jamie Belknap, DDS, Donna Sparks, DDS, and Kristen Campbell, DDS, Norman OK, practice a full scope of general and cosmetic dentistry with expertise ranging from porcelain veneers to dental implants, crowns and
.png)
Anytime Fitness CyberSecurity News
September 09, 2025 07:00 AM
Call audio from gym members, employees in open database
Exclusive Sensitive info from hundreds of thousands of gym customers and staff – including names, financial details, and potentially...
September 09, 2025 07:00 AM
Gym Communications Platform Exposed 1.6 Million Calls and Voicemails Containing the PII of Top Fitness Centers Members
Cybersecurity Researcher Jeremiah Fowler discovered and reported to Website Planet about an unencrypted and non-password-protected database...
December 28, 2024 08:00 AM
Planet Fitness SWOT Analysis (2025)
The Planet Fitness SWOT analysis is vital for understanding the dynamics of one of the largest and fastest-growing fitness franchises in the...
May 03, 2024 07:00 AM
Cybersecurity drill could be 'for real tomorrow' - NCSC
Ireland has taken part in a major international cyber defence training exercise involving critical infrastructure coming under simulated...
January 17, 2024 08:00 AM
Army Vet Achieves Dream of Owning Gym with Workout Anytime Franchise
Scotty Carlisle served in the Army and returned to civilian life with a list of goals. After achieving them all, he realized he wanted more,...
August 03, 2021 07:00 AM
Fitness Cybersecurity: Risks and Ways to Stay Cyber Fit
Do you work out? Before COVID-19 struck, over 1 in 5 Americans belonged to at least one health club or studio in the US in 2019. As gyms and...
April 21, 2021 07:00 AM
Cybersecurity risks exposed in fitness trackers and children’s toys | UCL News - UCL
Fitness devices and children's smart toys, as well as other connected devices, can be easily manipulated by domestic abusers seeking to...
December 23, 2020 11:45 PM
CCI joins NATO Cyber Coalition 2020 exercise
Former-military members of CCI joined the Irish Team for Exercise Cyber Coalition, which is NATO's flagship annual Cyber Defence Exercise.
March 22, 2019 07:00 AM
Netherlands police, Heineken win private sector cybersecurity exercise
A team made up of the Netherlands' National Cyber Security Centre and Heineken have won the Cyber Core 2019 exercise that simulated a wave...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
Anytime Fitness CyberSecurity History Information
Official Website of Anytime Fitness
The official website of Anytime Fitness is http://AnytimeFitness.com.
Anytime Fitness’s AI-Generated Cybersecurity Score
According to Rankiteo, Anytime Fitness’s AI-generated cybersecurity score is 778, reflecting their Fair security posture.
How many security badges does Anytime Fitness’ have ?
According to Rankiteo, Anytime Fitness currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Anytime Fitness have SOC 2 Type 1 certification ?
According to Rankiteo, Anytime Fitness is not certified under SOC 2 Type 1.
Does Anytime Fitness have SOC 2 Type 2 certification ?
According to Rankiteo, Anytime Fitness does not hold a SOC 2 Type 2 certification.
Does Anytime Fitness comply with GDPR ?
According to Rankiteo, Anytime Fitness is not listed as GDPR compliant.
Does Anytime Fitness have PCI DSS certification ?
According to Rankiteo, Anytime Fitness does not currently maintain PCI DSS compliance.
Does Anytime Fitness comply with HIPAA ?
According to Rankiteo, Anytime Fitness is not compliant with HIPAA regulations.
Does Anytime Fitness have ISO 27001 certification ?
According to Rankiteo,Anytime Fitness is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Anytime Fitness
Anytime Fitness operates primarily in the Health, Wellness & Fitness industry.
Number of Employees at Anytime Fitness
Anytime Fitness employs approximately 17,439 people worldwide.
Subsidiaries Owned by Anytime Fitness
Anytime Fitness presently has no subsidiaries across any sectors.
Anytime Fitness’s LinkedIn Followers
Anytime Fitness’s official LinkedIn profile has approximately 93,421 followers.
NAICS Classification of Anytime Fitness
Anytime Fitness is classified under the NAICS code None, which corresponds to Others.
Anytime Fitness’s Presence on Crunchbase
No, Anytime Fitness does not have a profile on Crunchbase.
Anytime Fitness’s Presence on LinkedIn
Yes, Anytime Fitness maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/anytime-fitness.
Cybersecurity Incidents Involving Anytime Fitness
As of December 11, 2025, Rankiteo reports that Anytime Fitness has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Anytime Fitness has an estimated 3,954 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Anytime Fitness ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
What was the total financial impact of these incidents on Anytime Fitness ?
Total Financial Loss: The total financial loss from these incidents is estimated to be $0.
How does Anytime Fitness detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an recovery measures with class action settlement offering compensation and credit monitoring, and communication strategy with notices sent to affected individuals with claim instructions (unique id/pin provided)..
Incident Details
Can you provide details on each incident ?
Title: Purpose Brands (Self Esteem Brands) Data Breach
Description: A cybersecurity incident affecting Self Esteem Brands (doing business as Purpose Brands) occurred between December 19, 2023, and June 6, 2024, exposing sensitive personal information of U.S. consumers. The breach led to a class action lawsuit, with the company agreeing to a settlement offering compensation, credit monitoring, and identity theft protection to affected individuals.
Date Detected: 2024-06-06
Type: Data Breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach PUR3203232111425
Data Compromised: Names, Social security numbers, Tax identification numbers, Driver’s license numbers, Passport numbers, Financial account information, Payment card information, Health information, Health insurance information
Brand Reputation Impact: Class action lawsuit and settlement
Legal Liabilities: Class action lawsuit settled; company denies wrongdoing
Identity Theft Risk: High (SSNs, financial, and health data exposed)
Payment Information Risk: High (payment card and financial account information exposed)
What is the average financial loss per incident ?
Average Financial Loss: The average financial loss per incident is $0.00.
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personally Identifiable Information (Pii), Financial Data, Health Information and .
Which entities were affected by each incident ?
Incident : Data Breach PUR3203232111425
Entity Name: Self Esteem Brands LLC (dba Purpose Brands)
Entity Type: Corporation
Industry: Health/Wellness (Franchise Business, e.g., Anytime Fitness)
Location: United States
Customers Affected: U.S. residents notified of the breach (exact number undisclosed)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach PUR3203232111425
Recovery Measures: Class action settlement offering compensation and credit monitoring
Communication Strategy: Notices sent to affected individuals with claim instructions (unique ID/PIN provided)
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach PUR3203232111425
Type of Data Compromised: Personally identifiable information (pii), Financial data, Health information
Sensitivity of Data: High (includes SSNs, tax IDs, health, and financial data)
Data Exfiltration: Likely (files containing personal information exposed)
Personally Identifiable Information: NamesSocial Security numbersTax identification numbersDriver’s license numbersPassport numbers
Ransomware Information
How does the company recover data encrypted by ransomware ?
Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Class action settlement offering compensation and credit monitoring.
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach PUR3203232111425
Legal Actions: Class action lawsuit settled (no admission of wrongdoing)
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Class action lawsuit settled (no admission of wrongdoing).
References
Where can I find more information about each incident ?
Incident : Data Breach PUR3203232111425
Source: Class Action Settlement Notice
Incident : Data Breach PUR3203232111425
Source: Settlement Administrator Contact
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Class Action Settlement Notice, and Source: Settlement Administrator Contact.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach PUR3203232111425
Investigation Status: Settled (class action lawsuit resolved; no further details on forensic investigation)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notices sent to affected individuals with claim instructions (unique ID/PIN provided).
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach PUR3203232111425
Stakeholder Advisories: Notices sent to affected individuals with claim instructions (ID/PIN provided for online claims).
Customer Advisories: Eligible individuals can file claims for compensation (up to $5,000), credit monitoring (2 years), or a $25 cash payment. Deadline: December 31, 2025.
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Notices sent to affected individuals with claim instructions (ID/PIN provided for online claims)., Eligible individuals can file claims for compensation (up to $5,000), credit monitoring (2 years), or a $25 cash payment. Deadline: December 31 and 2025..
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Breach PUR3203232111425
Corrective Actions: Settlement agreement (compensation, credit monitoring) to mitigate harm to affected individuals.
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Settlement agreement (compensation, credit monitoring) to mitigate harm to affected individuals..
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2024-06-06.
Impact of the Incidents
What was the highest financial loss from an incident ?
Highest Financial Loss: The highest financial loss from an incident was {'settlement_fund': {'administration_costs': '$14,400', 'attorneys_fees': '$150,000', 'class_representative_award': '$3,000', 'credit_monitoring_costs': 'Dependent on valid claims', 'payments_to_class_members': 'Dependent on valid claims'}, 'compensation': {'ordinary_losses': 'Up to $2,000 (documented out-of-pocket expenses + $80 for lost time)', 'extraordinary_losses': 'Up to $5,000 (identity theft/fraud)', 'alternative_cash_payment': '$25 (one-time, no documentation required)'}}.
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Names, Social Security numbers, Tax identification numbers, Driver’s license numbers, Passport numbers, Financial account information, Payment card information, Health information, Health insurance information and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Payment card information, Financial account information, Names, Social Security numbers, Tax identification numbers, Health insurance information, Passport numbers, Health information and Driver’s license numbers.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Class action lawsuit settled (no admission of wrongdoing).
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are Class Action Settlement Notice and Settlement Administrator Contact.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Settled (class action lawsuit resolved; no further details on forensic investigation).
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Notices sent to affected individuals with claim instructions (ID/PIN provided for online claims)., .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an Eligible individuals can file claims for compensation (up to $5,000), credit monitoring (2 years), or a $25 cash payment. Deadline: December 31 and 2025.
.png)
Latest Global CVEs (Not Company-Specific)
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=anytime-fitness' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
