
Garmin, a major fitness tech company that tracks many users’ workout routines and GPS coordinates, was the victim of a ransomware attack, the company confirmed Monday.

The big picture: The attack, first reported by TechCrunch, froze “the company’s online services for millions of users, including Garmin Connect, which syncs user activity and data to the cloud and other devices.” Garmin’s “aviation navigation and route-planning service” was also affected, says TechCrunch.

  • The ransomware used in the attack, known as WastedLocker, is associated with Evil Corp, a notorious Russian cybercrime group whose leaders were sanctioned by the Treasury Department in 2019.
  • “We have no indication that any customer data, including payment information ... was accessed, lost or stolen,” Garmin wrote in its statement Monday.

Our thought bubble: Although it’s heartening that Garmin claims no data was exfiltrated during the ransomware attack, a Russian hacker group gaining access to millions of users’ workout and travel data should serve as yet another wake-up call to the dangers of commercial tracking data.

Why it matters: Among the millions of users whose data was frozen, it is a safe bet that more than a few were U.S. military and intelligence operatives.

Fitness apps have proven vulnerabilities.

  • In 2018, data leakage from the Strava fitness app revealed the location of secret U.S. military bases abroad.
  • “Pattern of life” analysis is a critical tool in 21st century intelligence operations, and information contained in a seemingly innocuous fitness tracker can offer gold mines to a foreign intelligence service.
  • While the Garmin breach may have ended without mass data leakage, the next major fitness tracking company to be hacked may not be so lucky.
