GarminPocalypse 9: Garmin Confirms Hack after BBC Report

Affiliate Disclosure: All links earn commission

Reading Time: 2 minutes

 

GarminPocalypse: Oh, it’s a hack – BBC confirms, Garmin issues 2nd Statement

Hey, guess what? It was a hack. Or, as Garmin say in their statement today,

“OLATHE, Kan.–(BUSINESS WIRE)–Garmin Ltd. (NASDAQ: GRMN), today announced it was the victim of a cyber attack that encrypted some of our systems on July 23, 2020. As a result, many of our online services were interrupted including website functions, customer support, customer facing applications, and company communications. We immediately began to assess the nature of the attack and started remediation. We have no indication that any customer data, including payment information from Garmin Pay™, was accessed, lost or stolen. Additionally, the functionality of Garmin products was not affected, other than the ability to access online services.

“Affected systems are being restored and we expect to return to normal operation over the next few days. We do not expect any material impact to our operations or financial results because of this outage. As our affected systems are restored, we expect some delays as the backlog of information is being processed. We are grateful for our customers’ patience and understanding during this incident and look forward to continuing to provide the exceptional customer service and support that has been our hallmark and tradition.”

Source: Garmin

Perhaps the BBC forced Garmin’s hand in an article today which, whilst it re-hashed, just about everything we’ve heard so far, it also added comments from an unnamed source of theirs (now removed) and yes the BBC do change the content in their posts (Source: waybackmachine).

Source: bbc

Drama over, let’s get back to training. Let’s hope that data makes it’s way back too.

You might also like

 

 

 

 

 

 

 

 

Support this site with purchases at these partners - should click to a local choice in your country
Subscribe
Notify of
guest
10 Comments
oldest
newest most voted
Inline Feedbacks
View all comments
driscoll42

945 v3?

MirkoSurf&Run

This morning GarminConnect and GarminExpress are again not functional. I still can’t reinstall my FR945 settings and CIQ app. I thought it was OK from yesterday.

MirkoSurf&Run

“Additionally, the functionality of Garmin products was not affected, other than the ability to access online services”
Ok, Garmin, if functionality of Garmin products was not affected, tell me how can I download again my CIQ app…

MirkoSurf&Run

Instead of running, today I spent another hour trying to setting up again my FR945. It’s already 10 AM. They told that the weak point of the FR945 was the Sony GPS chipset, in my opinion it’s his frustrating experience with internet (online services) and Garmin Connect in general. How many times do we have to read again “our servers are down”? OK, now they were hacked, but it’s not the first time that their servers are down.
My rant is over, I promise I won’t complain any more.

John Kissane

All rumour & hearsay but I read on a running forum that they paid up to decrypt the data, copied post below:

https://www.reddit.com/r/sysadmin/comments/hy3sn0/how_fucked_is_garmin_any_insiders_here/fzb2uq7/

TL;DR seems like all backups were corrupted/encrypted FIRST and then the other systems taken down. So they paid the ransom or they lost all user data.

Multiple sources saying that Garmin obtained the decryption key, but did not ‘directly’ pay the hackers. Most times, corps will pay a middle man company to look after the payment, that way they can’t be fined by US Government for entering transactions with someone who is sanctioned, Evil Corp in this case.

John Kissane

I’ve seen a single person (stupidly) click on some email attachment at work & end up with all their files encrypted. Luckily we have daily snapshots going back 10 days so an easy fix. That little mishap was amateur hour compared to what happened to Garmin but shows how easily these things can happen.

Justin

This had to be a probe of their system over a long period of time. I would not be surprised of some internal support within Garmin to find said Zero-Day exploit.

That is just a opinion based on no information on my end.