HUNDREDS of sports centre users may have had their bank details stolen by computer hackers.
More than 1,400 people who booked sessions online have been contacted by New Forest District Council following the discovery that someone has hacked into its website.
They have been warned that their names, telephone numbers and e-mail addresses could have been accessed.
Potential victims of the security breach include 240 people who also paid online and have been told that their credit and debit card details may have fallen into the wrong hands.
The council’s chief executive, Dave Yates, is urging them to monitor their bank accounts and look out for any signs of suspicious activity.
Police have launched an investigation into what the authority is describing as a “malicious attack” on its computer system.
A council spokesman said the website was shut down as soon as the unauthorised access was detected.
She added: “All the people we’ve contacted could potentially have been affected. There is no evidence to suggest that the intruder has accessed customers’ personal data but there is a possibility that this could have happened.
“For 240 customers only there is a remote possibility of their credit/debit card details being accessed.”
Council bosses have alerted a total of 1,434 sports centre users.
The figure is based on the number of people who have used its new online booking system, which was introduced earlier this year for badminton players and customers wanting to take part in group exercise sessions.
Action is now being taken to prevent it happening again.
The Tory-controlled council operates five health and leisure centres at Applemore, Lymington, New Milton, Ringwood and Totton.
Its website is now back up and running, having been shut down for several days.
But members of the Liberal Democrat opposition group are demanding answers.
Cllr David Harrison said: “We will be asking some searching questions as to how website security appears to have been breached.”
* Part of Mr Yates’ letter to potential victims says: “We are writing to inform you that our web security team detected a malicious attack on our website.
“We have established that unauthorised access was gained to the health and leisure online book and pay system.
“There is a remote possibility that, as a user of the online booking system, your personal data may have been viewed by the intruder. However, from our investigation there is no evidence that this has taken place.
“If you have any concerns about your credit/debit card account, you should contact your bank or card provider.
“Additionally, as a precaution, you should review your bank and credit card statements regularly to look for unusual or suspicious activity.”