Garmin knocked out by ransomware attack

Will fitness tracker manufacturer be able to step up its security?

Garmin, the wearable tech company famous for its GPS fitness trackers and activity smartwatches, is suffering a global outage – and ransomware appears to be to blame.

Not only is it currently impossible for Garmin customers to log into Garmin Connect to record and analyse their health and fitness data, but also the company’s call centres are unable to answer telephone calls, receive emails, or participate in online chats.

As ZDNet reports, the company’s Taiwanese production line has also been affected.

Garmin outage

We are currently experiencing an outage that affects Garmin.com and Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience.

In short, Garmin’s infrastructure has suffered a massive failure – and, although the company has not officially confirmed it, the finger of suspicion points strongly in the direction of a ransomware attack.

The annoying thing for Garmin’s IT support staff will be that they may be frantically running around like headless chickens at the moment, but their steps won’t be being recorded.

Joking aside, the danger isn’t only that fitness fanatics may not be able to record how many miles they jogged today.

Garmin also provides services for aviators and sailors, meaning they may not be able to use their trusted apps for weather reports or filing flight plans.

Furthermore, many ransomware attacks today are combined with data theft – where the attackers will not only encrypt data, locking workers out of systems, but also steal sensitive information from a company in order to apply further pressure for a ransom to be paid.

If, and it’s a big if, Garmin’s attackers had managed to seize data revealing users’ entire location history, then that would undoubtedly be a very attractive treasure trove for intelligence agencies with an interest in particular individuals.

In the past, concerns have been raised about how fitness tracking app Strava could reveal sensitive information about the movement patterns of military personnel.

Update: Garmin staggers back online after ransomware attack.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

2 comments on “Garmin knocked out by ransomware attack”

  1. Chris

    Surely "not encrypt data" should read "not ONLY encrypt data".

    1. Graham Cluley · in reply to Chris

      Whoopsadaisy. Well spotted. Now fixed. Thanks!
