Garmin Confirms Cyber-Attack

Posted on July 28, 2020 by Paul Thurrott in Wearables with 14 Comments

After several days of uncertainty, Garmin this week conceded that it was the victim of a cyber-attack but said that no user data had been stolen. The firm never uses the word “ransomware,” but it’s pretty clear that that was the point of the attack.

“Garmin announced it was the victim of a cyber-attack that encrypted some of our systems on July 23, 2020,” the firm explains in a press release. “As a result, many of our online services were interrupted including website functions, customer support, customer facing applications, and company communications. We immediately began to assess the nature of the attack and started remediation. We have no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen. Additionally, the functionality of Garmin products was not affected, other than the ability to access online services.”

Since connecting to online services is the functionality of most Garmin products, the firm’s customers are understandably upset about the downtime, which now looks to stretch up to the one-week mark: Garmin now says that it expects “to return to normal operation over the next few days.” But the issues could continue even beyond that, thanks to a backlog of information it will need to process.

Tagged with

Join the discussion!

BECOME A THURROTT MEMBER:

Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Register
Comments (15)

15 responses to “Garmin Confirms Cyber-Attack”

  1. Avatar

    matsan

    Lost my 325 day long +10k daily step streak... %&@##! Grrr...

    • Avatar

      tomker

      In reply to matsan:

      Take a deep breath. It's OK. You lost nothing. It will all upload as long as it's on your device. All my activities from my watch and my bike computer from during this down time uploaded and synced with Strava just fine this morning.

  2. Avatar

    retrodrone

    Any word on whether or not they paid the ransom?? Hope not.

  3. Avatar

    cavalier_eternal

    "the functionality of Garmin products was not affected, other than the ability to access online services."


    I have a couple Garmin devices and that statement is particularly amusing given how many features depend on online services. They also don't allow their smartphone app to hold data locally. So if you did something like went for a run, bike, swim or whatever you couldn't see it on the phone app because online services were down.


    A side note, the way they handled this with their customers was just terrible. There was no communication other than a banner in the the phone app that says they were doing maintenance and to try back soon. Arguably that was just straight up dishonest.


    • Avatar

      billreilly

      In reply to cavalier_eternal:

      I have a Garmin cycling computer and all rides and data are stored in the unit, so when I get home I can save them directly to Strava, Komoot or any other service without using any of Garmin's websites or apps.

      • Avatar

        cavalier_eternal

        In reply to billreilly:

        Yeah you could upload to Strava, but Strava doesn't offer the detail that Garmin Connect does. Or at least not for running and swimming. So everything for those two was stuck on the watch which also didn't show the full data. For cycling I'm mostly concerned with power and cadence which Strava supports. All the devices lost the ability to send workouts to them which would have been a giant pain in the ass if I had actually been doing tri training. Coronavirus pretty much put a damper on that for the year so everything at this point is base work. Its just dumb that the App on the phone can't show you your workout info and is completely dependent on connecting back to Garmin.


        I have a Edge 1030 that I use for bike touring because of the map support. I actually used it for a ride across Germany two summers ago. That too would have been hobbled because I wouldn't have been able to download the regional maps. Not an issue for me personally during this outage but damn that would have been infuriating to fly to another country and lose the ability to navigate.


  4. Avatar

    compunut

    "We have no indication that any customer data"


    Ummm, so they are staring at a bunch of computers that have been encrypted where they probably can't see anything. Of course there is no 'indication', they are blind to it. <sigh>

    • Avatar

      Paul Thurrott

      Having suffered from a ransomware attack, I understand the language. We said the same thing to our own users because that was the case for us as well. But we also advised users to just reset their passwords because ... You never know, I guess. You don't want to state something with certainty when you're not really sure.
  5. Avatar

    RonV42

    I have no data, sleep , steps, workouts, etc. Nothing is feeding to my work health data that they use for providing discounts on health insurance. Yes the IoT world we are living in is showing how fragile it really is.

Leave a Reply