The Garmin hack could have been a disastrous, large-scale privacy breach

Posted on Jul 29, 2020 by Caleb Chen

Garmin recently suffered a ransomware attack that crippled services for days. The ransomware attack could have been a cover for a more targeted attack on individuals around the world. This wouldn’t be the first time that a public-facing hack turned out to be a smokescreen for a more targeted attack. In the recent Twitter hack, most people were bedazzled by the amounts of bitcoin being sent to the bitcoin addresses posted by the compromised accounts of the likes of Bill Gates, Joe Biden, and Elon Musk. The thing is, private direct messages for 36 targets and whole Twitter data dumps for 8 targets were downloaded amid all that mess, and the full ramifications of the hack have yet to be felt. While there’s no indication from Garmin – and in fact there is adamant denial on their end – that customers’ personal information or location was accessed, it very easily could have been, and that mere fact should scare you greatly.

John Scott-Railton, a senior researcher at Citizen Lab, explained the privacy risk to VICE:

“For consumers, Garmin clearly represents a repository of really detailed information. You turn on your thing when you leave your residence, and you turn it off when you get home. Sometimes, you take a jog in the middle of the day and you’re trying to collect steps at work. These are all things that speak of who you are and what you do and where you live, and can all be quickly turned into identifying information.”

Zach Dorfman of the Aspen Institute wrote for Axios:

“While the Garmin breach may have ended without mass data leakage, the next major fitness tracking company to be hacked may not be so lucky.”

A privacy breach of location data would be disastrous

While individual users of Garmin products could have been targeted by the hackers, the real loser in such a privacy breach could actually have been the government. It was just a few years ago that a similar GPS-based fitness company called Strava found its data used to identify the location of secret military bases. A new study by Osana highlights that companies with poor privacy practices face an increased chance of a catastrophic data breach. Garmin’s recent ransomware debacle highlights that fact. Hopefully, the increasing number of data breaches, ransomware attacks, and other hacks is finally enough to force the government to pass legislation that actually holds companies accountable for letting hackers breach the privacy of their users.