Exclusive A cyber security researcher claims British health club and gym chain Total Fitness flouted its data protection responsibilities by failing to lock down a database full of members' personal data.

Jeremiah Fowler told The Register that more than 474,000 images of both members and staff – including men, women and children – were stored in a database that was left unprotected and publicly available without the need for a password.

According to the researcher, who also alerted vpnMentor, the database was a total of 47.7 GB in size. It also included a cache of images that revealed individuals' identity documents, bank and debit card information, as well as phone numbers and immigration records in some rare cases, Fowler claimed.

"This raises privacy concerns about how companies collect images of members or customers, how they are stored, how long they are kept and who has access to them," Fowler said. “Many people choose to remain private online and do not publicly share images of themselves, their friends, families or children.