GarminPocalypse 9: Garmin Confirms Hack after BBC Report

Reading Time: 2 minutes

 

GarminPocalypse: Oh, it’s a hack – BBC confirms, Garmin issues 2nd Statement

Hey, guess what? It was a hack. Or, as Garmin say in their statement today,

“OLATHE, Kan.–(BUSINESS WIRE)–Garmin Ltd. (NASDAQ: GRMN), today announced it was the victim of a cyber attack that encrypted some of our systems on July 23, 2020. As a result, many of our online services were interrupted including website functions, customer support, customer facing applications, and company communications. We immediately began to assess the nature of the attack and started remediation. We have no indication that any customer data, including payment information from Garmin Pay™, was accessed, lost or stolen. Additionally, the functionality of Garmin products was not affected, other than the ability to access online services.

“Affected systems are being restored and we expect to return to normal operation over the next few days. We do not expect any material impact to our operations or financial results because of this outage. As our affected systems are restored, we expect some delays as the backlog of information is being processed. We are grateful for our customers’ patience and understanding during this incident and look forward to continuing to provide the exceptional customer service and support that has been our hallmark and tradition.”

Source: Garmin

Perhaps the BBC forced Garmin’s hand in an article today which, whilst it re-hashed, just about everything we’ve heard so far, it also added comments from an unnamed source of theirs (now removed) and yes the BBC do change the content in their posts (Source: waybackmachine).

Source: bbc

Drama over, let’s get back to training. Let’s hope that data makes it’s way back too.

You might also like

 

 

 

 

 

 

 

 

Support this site with purchases at these partners - should click to a local choice in your country

10 thoughts on “GarminPocalypse 9: Garmin Confirms Hack after BBC Report

    1. my third one !
      nothing to get excited about.
      in reality there may be lots of sub production version that none of us ever hear about eg the 2nd such version would have had the buttons silently fixed etc etc with subtle hardware changes

  1. This morning GarminConnect and GarminExpress are again not functional. I still can’t reinstall my FR945 settings and CIQ app. I thought it was OK from yesterday.

  2. “Additionally, the functionality of Garmin products was not affected, other than the ability to access online services”
    Ok, Garmin, if functionality of Garmin products was not affected, tell me how can I download again my CIQ app…

  3. Instead of running, today I spent another hour trying to setting up again my FR945. It’s already 10 AM. They told that the weak point of the FR945 was the Sony GPS chipset, in my opinion it’s his frustrating experience with internet (online services) and Garmin Connect in general. How many times do we have to read again “our servers are down”? OK, now they were hacked, but it’s not the first time that their servers are down.
    My rant is over, I promise I won’t complain any more.

  4. All rumour & hearsay but I read on a running forum that they paid up to decrypt the data, copied post below:

    https://www.reddit.com/r/sysadmin/comments/hy3sn0/how_fucked_is_garmin_any_insiders_here/fzb2uq7/

    TL;DR seems like all backups were corrupted/encrypted FIRST and then the other systems taken down. So they paid the ransom or they lost all user data.

    Multiple sources saying that Garmin obtained the decryption key, but did not ‘directly’ pay the hackers. Most times, corps will pay a middle man company to look after the payment, that way they can’t be fined by US Government for entering transactions with someone who is sanctioned, Evil Corp in this case.

    1. yes that was my assumption about what happened.
      on the occasions where i looked at corporate backups they were always done very carefully and in a super-considered and safe way. Except no-one ever tested the restore procedure.

      middle man: well. who pays the middle man, that’s collusion and equally as guilty in my eyes. I think the ‘crime’ of paying is unfair on Garmin (if they paid)

      1. I’ve seen a single person (stupidly) click on some email attachment at work & end up with all their files encrypted. Luckily we have daily snapshots going back 10 days so an easy fix. That little mishap was amateur hour compared to what happened to Garmin but shows how easily these things can happen.

        1. This had to be a probe of their system over a long period of time. I would not be surprised of some internal support within Garmin to find said Zero-Day exploit.

          That is just a opinion based on no information on my end.

Leave a Reply

Your email address will not be published. Required fields are marked *