Garmin hack: Connect service went down in cyber attack, company confirms as outage continues

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

Garmin was hit by a major cyber attack, the company has confirmed.

Its online services have been hit by an ongoing, days-long outage that left many of its products without some of their key features.

Now Garmin has confirmed that it was hit by a hack, but that users' personal data appears to be safe.

The company "was the victim of a cyber attack that encrypted some of our systems", it said, suggesting that rumours it had been hit by a ransomware attack – in which files are encrypted by hackers who free them in return for payment – were correct.

"As a result, many of our online services were interrupted including website functions, customer support, customer facing applications, and company communications," it said. "We immediately began to assess the nature of the attack and started remediation.

"We have no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen. Additionally, the functionality of Garmin products was not affected, other than the ability to access online services."

Garmin's online services – including the Connect platform that is used by its devices for some of their central features – began to come back online on Monday morning. But the company stressed that there may still be problems over the coming days as the fallout from the hack continues.

"Affected systems are being restored and we expect to return to normal operation over the next few days," Garmin said in a statement. "We do not expect any material impact to our operations or financial results because of this outage. As our affected systems are restored, we expect some delays as the backlog of information is being processed."

Garmin had said very little during the outage, initially only confirming that its systems were down, though it released an update on Saturday evening to assure users that their data appeared to be safe. The new statement, issued on Monday evening, was the first time the company confirmed the problems had been caused by a cyber attack.

It did not confirm the nature of the hack, which rumours have indicated may been the result of the "WastedLocker" attack that has already been used on a number of other high-profile companies. It also gave no detail on how the company had recovered from the attack, such as whether any kind of ransom had been paid.

Because Garmin products rely heavily on their connection to phones and to the company's online services, many features stopped working as soon as they were knocked offline. It meant that users of its aviation products were unable to update their maps, for instance, and the fitness products could not easily upload activities or pull down new courses.

Users have been able to carry out a manual workaround to get information onto and off their products, as Garmin's online services continue to be hit by problems.

Strava data showed the full impact of that outage, with the number of activities being uploaded to the service rapidly dropping as the outage hit.