Photo: Sergei Mikhailichenko/SOPA Images/LightRocket via Getty Images

Garmin, a major fitness tech company that tracks many users’ workout routines and GPS coordinates, was the victim of a ransomware attack, the company confirmed Monday.

The big picture: The attack, first reported by TechCrunch, froze “the company’s online services for millions of users, including Garmin Connect, which syncs user activity and data to the cloud and other devices.” Garmin’s “aviation navigation and route-planning service” was also affected, says TechCrunch.

  • The ransomware used in the attack, known as WastedLocker, is associated with Evil Corp, a notorious Russian cyber crime group whose leaders were sanctioned by the Treasury Department in 2019.
  • “We have no indication that any customer data, including payment information ... was accessed, lost or stolen,” Garmin wrote in its statement Monday.

Our thought bubble: Although it’s heartening that Garmin claims no data was exfiltrated during the ransomware attack, a Russian hacker group gaining access to millions of users’ workout and travel data should serve as yet another wake-up call to the dangers of commercial tracking data.

Why it matters: Among the millions of users whose data was frozen, it is a safe bet that more than a few were U.S. military and intelligence operatives.

Fitness apps have proven vulnerabilities.

  • In 2018, data leakage from the Strava fitness app revealed the location of secret U.S. military bases abroad.
  • “Pattern of life” analysis is a critical tool in 21st century intelligence operations, and information contained in a seemingly innocuous fitness tracker can offer gold mines to a foreign intelligence service.
  • While the Garmin breach may have ended without mass data leakage, the next major fitness tracking company to be hacked may not be so lucky.

Go deeper

NSA releases guide on data dangers posed by devices and apps

Photo: Brooks Kraft LLC/Corbis via Getty Images

The NSA on Tuesday released a detailed guide on the dangers that cellphones, Internet of Things devices, social media accounts, and vehicle communications may pose to military and intelligence personnel.

The big picture: There are a whole host of ways devices like smartphones can be used to track individuals’ every move, and the NSA concludes that ditching them may be the only surefire way to avoid tracking by a determined adversary.

Updated 6 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Aïda Amer/Axios

  1. Global: Total confirmed cases as of 9 p.m. ET: 20,755,406 — Total deaths: 752,225— Total recoveries: 12,917,934Map.
  2. U.S.: Total confirmed cases as of 9 p.m. ET: 5,246,760 — Total deaths: 167,052 — Total recoveries: 1,774,648 — Total tests: 64,831,306Map.
  3. Politics: House Democrats to investigate scientist leading "Operation Warp Speed" vaccine projectMcConnell announces Senate will not hold votes until Sept. 8 unless stimulus deal is reached.
  4. 2020: Biden calls for 3-month national mask mandateBiden and Harris to receive coronavirus briefings 4 times a week.
  5. States: Georgia Gov. Brian Kemp to drop lawsuit over Atlanta's mask mandate.
  6. Business: Why the CARES Act makes 2020 the best year for companies to lose money.
  7. Public health: Fauci's guidance on pre-vaccine coronavirus treatments Cases are falling, but don't get too comfortable.

Trump says he intends to give RNC speech on White House lawn

President Trump speaking to reporters on South Lawn in July. Photo: Jabin Botsford/The Washington Post via Getty Images

President Trump told the New York Post on Thursday that he plans to deliver his Republican National Convention speech from the White House lawn, despite bipartisan criticism of the optics and legality of the location.

Why it matters: Previous presidents avoided blurring staged campaign-style events — like party conventions — with official business of governing on the White House premises, per Politico.