Photo: Sergei Mikhailichenko/SOPA Images/LightRocket via Getty Images
Garmin, a major fitness tech company that tracks many users’ workout routines and GPS coordinates, was the victim of a ransomware attack, the company confirmed Monday.
The big picture: The attack, first reported by TechCrunch, froze “the company’s online services for millions of users, including Garmin Connect, which syncs user activity and data to the cloud and other devices.” Garmin’s “aviation navigation and route-planning service” was also affected, says TechCrunch.
- The ransomware used in the attack, known as WastedLocker, is associated with Evil Corp, a notorious Russian cyber crime group whose leaders were sanctioned by the Treasury Department in 2019.
- “We have no indication that any customer data, including payment information ... was accessed, lost or stolen,” Garmin wrote in its statement Monday.
Our thought bubble: Although it’s heartening that Garmin claims no data was exfiltrated during the ransomware attack, a Russian hacker group gaining access to millions of users’ workout and travel data should serve as yet another wake-up call to the dangers of commercial tracking data.
Why it matters: Among the millions of users whose data was frozen, it is a safe bet that more than a few were U.S. military and intelligence operatives.
Fitness apps have proven vulnerabilities.
- In 2018, data leakage from the Strava fitness app revealed the location of secret U.S. military bases abroad.
- “Pattern of life” analysis is a critical tool in 21st century intelligence operations, and information contained in a seemingly innocuous fitness tracker can offer gold mines to a foreign intelligence service.
- While the Garmin breach may have ended without mass data leakage, the next major fitness tracking company to be hacked may not be so lucky.