Sign up for our daily briefing
Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.
Catch up on the day's biggest business stories
Subscribe to Axios Closer for insights into the day’s business news and trends and why they matter
Stay on top of the latest market trends
Subscribe to Axios Markets for the latest market trends and economic insights. Sign up for free.
Sports news worthy of your time
Binge on the stats and stories that drive the sports world with Axios Sports. Sign up for free.
Tech news worthy of your time
Get our smart take on technology from the Valley and D.C. with Axios Login. Sign up for free.
Get the inside stories
Get an insider's guide to the new White House with Axios Sneak Peek. Sign up for free.
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Want a daily digest of the top Denver news?
Get a daily digest of the most important stories affecting your hometown with Axios Denver
Want a daily digest of the top Des Moines news?
Get a daily digest of the most important stories affecting your hometown with Axios Des Moines
Want a daily digest of the top Twin Cities news?
Get a daily digest of the most important stories affecting your hometown with Axios Twin Cities
Want a daily digest of the top Tampa Bay news?
Get a daily digest of the most important stories affecting your hometown with Axios Tampa Bay
Want a daily digest of the top Charlotte news?
Get a daily digest of the most important stories affecting your hometown with Axios Charlotte
Photo: Sergei Mikhailichenko/SOPA Images/LightRocket via Getty Images
Garmin, a major fitness tech company that tracks many users’ workout routines and GPS coordinates, was the victim of a ransomware attack, the company confirmed Monday.
The big picture: The attack, first reported by TechCrunch, froze “the company’s online services for millions of users, including Garmin Connect, which syncs user activity and data to the cloud and other devices.” Garmin’s “aviation navigation and route-planning service” was also affected, says TechCrunch.
- The ransomware used in the attack, known as WastedLocker, is associated with Evil Corp, a notorious Russian cyber crime group whose leaders were sanctioned by the Treasury Department in 2019.
- “We have no indication that any customer data, including payment information ... was accessed, lost or stolen,” Garmin wrote in its statement Monday.
Our thought bubble: Although it’s heartening that Garmin claims no data was exfiltrated during the ransomware attack, a Russian hacker group gaining access to millions of users’ workout and travel data should serve as yet another wake-up call to the dangers of commercial tracking data.
Why it matters: Among the millions of users whose data was frozen, it is a safe bet that more than a few were U.S. military and intelligence operatives.
Fitness apps have proven vulnerabilities.
- In 2018, data leakage from the Strava fitness app revealed the location of secret U.S. military bases abroad.
- “Pattern of life” analysis is a critical tool in 21st century intelligence operations, and information contained in a seemingly innocuous fitness tracker can offer gold mines to a foreign intelligence service.
- While the Garmin breach may have ended without mass data leakage, the next major fitness tracking company to be hacked may not be so lucky.