Apparent Garmin Aviation Data Breach

NOTICE: If you use a subscription Garmin Aviation product impacted by the current service outage and possible data breach, contact the Arnold Law Firm at (916) 777-7777.

red code on a screenOn July 23, 2020, Garmin, a GPS navigation and wearable technology manufacturer, abruptly shut down its internal network, production systems and services, including the flyGarmin app, a popular navigation service that supports Garmin’s aviation devices.

According to a service outage update from Garmin Aviation, flight plan filing, account syncing and database concierge capabilities were down in the Garmin Pilot app. Data from the on-board Central Maintenance Computer (CMC) was also unavailable.

The outage affected the entire firm, which also produces fitness trackers, smartwatches and other wearables.

Garmin appears to have suffered a large-scale ransomware attack that crippled its infrastructure. Reportedly, Garmin employees were notified that a virus attacked one of the company’s servers, impacting the entire production line. Citing ongoing investigations, Garmin has not yet publicly confirmed this data breach or provided details regarding the apparent security attack.

The company’s website featured a general notice:

“We are currently experiencing an outage that affects Garmin.com and Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience.”

Security experts speculate the involvement of a new strain of ransomware called WastedLocker – custom code developed by a Russian hacker group known as Evil Corp. If a WastedLocker attack is confirmed, Garmin users may have more reasons for concern beyond being unable to track their workouts for a few days.

WastedLocker malware is known to:

  • Spread through fake software update alerts
  • Distribute through software downloads
  • Steal code-signing certificates and use them to sign malware. Certificates indicate that software comes from a trusted source, allowing malware to evade detection under the guise of legitimate software.

It is currently unclear if any customer data has been lost or stolen. However, ransomware attacks have increasingly involved customer data theft, in addition to file encryption.

Garmin anticipates multiple days of maintenance efforts to resolve the aftermath of the incident, involving shutting down its official website, the Garmin Connect user data-syncing service, Garmin’s aviation database services, and production lines in Asia. The outage also impacted Garmin’s call centers, leaving the company unable to answer calls, emails, and online chats.

Founded in 1989, Garmin offers GPS technology to the automotive, aviation, marine, outdoor, and fitness industry. The Kansas-based company has 14,500 employees in 65 offices around the world with $3.7 billion in annual revenues.

Garmin Aviation products are used extensively in all sectors of aviation, including general aviation, government and defense, business and corporate aviation, and helicopters. Garmin watches are commonly used in some segments of tactical aviation; U-2 pilots at Beale Air Force Base in Northern California have been flying with Garmin’s D2 Charlie smartwatches since 2017.

Pilots use Garmin products for flight planning, charts, interactive maps, weather briefing resources, navigation capabilities, data and log records, communications, and more.

The Arnold Law Firm will continue to monitor this possible data breach and provide updated information as our investigation continues.

If you use a subscription Garmin Aviation product impacted by the current service outage and possible data breach, contact the Arnold Law Firm at (916) 777-7777 to discuss your situation and possible developing legal options.