Photo: Sergei Mikhailichenko/SOPA Images/LightRocket via Getty Images

Garmin, a major fitness tech company that tracks many users’ workout routines and GPS coordinates, was the victim of a ransomware attack, the company confirmed Monday.

The big picture: The attack, first reported by TechCrunch, froze “the company’s online services for millions of users, including Garmin Connect, which syncs user activity and data to the cloud and other devices.” Garmin’s “aviation navigation and route-planning service” was also affected, says TechCrunch.

  • The ransomware used in the attack, known as WastedLocker, is associated with Evil Corp, a notorious Russian cyber crime group whose leaders were sanctioned by the Treasury Department in 2019.
  • “We have no indication that any customer data, including payment information ... was accessed, lost or stolen,” Garmin wrote in its statement Monday.

Our thought bubble: Although it’s heartening that Garmin claims no data was exfiltrated during the ransomware attack, a Russian hacker group gaining access to millions of users’ workout and travel data should serve as yet another wake-up call to the dangers of commercial tracking data.

Why it matters: Among the millions of users whose data was frozen, it is a safe bet that more than a few were U.S. military and intelligence operatives.

Fitness apps have proven vulnerabilities.

  • In 2018, data leakage from the Strava fitness app revealed the location of secret U.S. military bases abroad.
  • “Pattern of life” analysis is a critical tool in 21st century intelligence operations, and information contained in a seemingly innocuous fitness tracker can offer gold mines to a foreign intelligence service.
  • While the Garmin breach may have ended without mass data leakage, the next major fitness tracking company to be hacked may not be so lucky.

Go deeper

Oct 6, 2020 - Podcasts

American health care held for ransom

Last month, one of America's largest hospital chains was hit by a type of cybercrime known as a ransomware attack. Then, just days later, the same thing happened to a Philadelphia company called eResearch Technology, whose software is used in COVID-19 vaccine trials.

Axios Re:Cap digs into the growing threat with Nicole Perlroth, a New York Times cybersecurity reporter who broke the ERT news.

Senate advances Amy Coney Barrett nomination, setting up final confirmation vote

Photo: Xinhua/Ting Shen via Getty Images

The Senate voted 51-48 on Sunday to advance the Supreme Court nomination of Judge Amy Coney Barrett, setting up a final confirmation vote for Monday.

Why it matters: It's now virtually inevitable that the Senate will vote to confirm President Trump's third Supreme Court nominee before the election, which is just nine days away.

Felix Salmon, author of Capital
2 hours ago - Economy & Business

Wall Street is living up to its bad reputation

Illustration: Sarah Grillo/Axios

Recent headlines will have you convinced that Wall Street is hell-bent on living up to all of its stereotypes.

Driving the news: Goldman Sachs is the biggest and the boldest, paying more than $5 billion in fines in the wake of the 1MDB scandal, in which billions were stolen from the people of Malaysia.