Jump to content

Recommended Posts

Posted

I have no issue with what they published. They were down for maintenance. They were not lying. Their maintenance team were working on the system and they were down. You do not need to know why they were down, just that they were working on it.

I do have an issue. If my personal data has been compromised, including that I use Garmin Pay and have credit card details at risk. I deserve the chance to update passwords and notify my bank.

  • Replies 242
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Posted

I do have an issue. If my personal data has been compromised, including that I use Garmin Pay and have credit card details at risk. I deserve the chance to update passwords and notify my bank.

Ransomware hackers have little interest in your credit card details, or any of your details.

 

Credit cards can be traced, the crypto ransom payments that they demand cannot.

 

The clever ones won’t risk their operations with credit cards.

Posted

Ransomware hackers have little interest in your credit card details, or any of your details.

 

Credit cards can be traced, the crypto ransom payments that they demand cannot.

 

The clever ones won’t risk their operations with credit cards.

 

We can agree to disagree but my view is simple. If my personal data has been compromised, I deserve to know.

 

And just as easily as the crypto ransom cannot be traced so then can the sale of the personal database to a 3rd party.

 

Does all this mean I’m throwing Garmin out with the bath water, no. Damn, I’ve just dropped my biggest purchase yet on a 1030 Plus 3 days ago. I love their hardware. But for me, the way they have chosen to deal with this outage I don’t agree with.

 

Side Note: I really cannot afford for my riding data to shared in case my work finds out I’ve been smashing centuries on the days I’ve been calling in sick ........

Posted

We can agree to disagree but my view is simple. If my personal data has been compromised, I deserve to know.

 

And just as easily as the crypto ransom cannot be traced so then can the sale of the personal database to a 3rd party.

 

Does all this mean I’m throwing Garmin out with the bath water, no. Damn, I’ve just dropped my biggest purchase yet on a 1030 Plus 3 days ago. I love their hardware. But for me, the way they have chosen to deal with this outage I don’t agree with.

 

Side Note: I really cannot afford for my riding data to shared in case my work finds out I’ve been smashing centuries on the days I’ve been calling in sick ........

I am not disagreeing with you. You do have the right to know if your data has been breached. GDPR covers this.

 

What I am saying is that in this particular case, you are credit card details and stealing from you was likely not the focus of the hackers.

 

As a side note, tracing how data moves as it gets sold is not that difficult. I did it once. Traced how an insurance company got my personal details through about 5 stages, including a listed company that likes sponsoring rugby teams, all they way to a single guy sitting in Nigeria who was selling it via a server and address in Wimbledon of all places.

Posted

Question to the IT guru's :

 

- regarding the "message" Garmin posted during the outage.  The first message was the default message.  Being locked out of their own system, at what point was Garmin physically in a position to send out a "real message" to clients ?  Was it even possible for them to inform their clients of a data breach, via their devices\apps ?  (the randsomeware message got out quick enough via other channels)

Posted

Question to the IT guru's :

 

- regarding the "message" Garmin posted during the outage.  The first message was the default message.  Being locked out of their own system, at what point was Garmin physically in a position to send out a "real message" to clients ?  Was it even possible for them to inform their clients of a data breach, via their devices\apps ?  (the randsomeware message got out quick enough via other channels)

 

Most often these system are very modular.

Client correspondence would likely be its own application talking back to the operational system via the an API.

 

In short, there is an eco-system of services. The hackers would struggle to take control of all of them. Leaving some functions operational. 

Posted

We can agree to disagree but my view is simple. If my personal data has been compromised, I deserve to know.

 

And just as easily as the crypto ransom cannot be traced so then can the sale of the personal database to a 3rd party.

 

Does all this mean I’m throwing Garmin out with the bath water, no. Damn, I’ve just dropped my biggest purchase yet on a 1030 Plus 3 days ago. I love their hardware. But for me, the way they have chosen to deal with this outage I don’t agree with.

 

Side Note: I really cannot afford for my riding data to shared in case my work finds out I’ve been smashing centuries on the days I’ve been calling in sick ........

No though that with ransomware, typically the data is not compromised at all. What happens is that the files get encrypted and no one can access them. Hence the request for ransom. 

 

Hacking to get info is a different scenario and not one in this case.

 

You would be surprised to know how many big institutions get hacked and your data is at risk without you knowing about it as the holes get plugged. 

 

I would be way more concerned with normal risks that what happend at Garmin.

Posted (edited)

No though that with ransomware, typically the data is not compromised at all. What happens is that the files get encrypted and no one can access them. Hence the request for ransom.

 

Hacking to get info is a different scenario and not one in this case.

 

You would be surprised to know how many big institutions get hacked and your data is at risk without you knowing about it as the holes get plugged.

 

I would be way more concerned with normal risks that what happend at Garmin.

https://www.zdnet.com/article/ransomware-warning-now-attacks-are-stealing-data-as-well-as-encrypting-it/

 

Ransomware warning: Now attacks are stealing data as well as encrypting it

Edited by WrightJnr
Posted

As an aside, I see Santam are offering cover for things like this with caveats re having Antivirus and Malware installed. I am keen to see the T's and C't on that contract.

Cyber cover is one of the biggest growing areas. There are specialist in the field.

 

CFC Underwriting and Beazely are the top players in the UK. People like SHA and Camargue are good options in SA.

Posted

Apologies if I missed it somewhere in the thread, but is it possible to transfer Zwift and/or Strava files (I don't ride and run on Zwift with my Garmin watch) to my Garmin Connect App on my iPhone? I usually use only the desktop version of Garmin Connect for all my stats, but since this is still not working, I have no way of getting all my data in one place. Any help would  be appreciated!

Posted

Apologies if I missed it somewhere in the thread, but is it possible to transfer Zwift and/or Strava files (I don't ride and run on Zwift with my Garmin watch) to my Garmin Connect App on my iPhone? I usually use only the desktop version of Garmin Connect for all my stats, but since this is still not working, I have no way of getting all my data in one place. Any help would be appreciated!

You can download your Strava files, once over a specified time period. I’ve used it once and it work swell.
Posted

Apologies if I missed it somewhere in the thread, but is it possible to transfer Zwift and/or Strava files (I don't ride and run on Zwift with my Garmin watch) to my Garmin Connect App on my iPhone? I usually use only the desktop version of Garmin Connect for all my stats, but since this is still not working, I have no way of getting all my data in one place. Any help would  be appreciated!

 

Worth checking your setup .... the Garmin Connect desktop version have been working for a few days already.

Posted

We can agree to disagree but my view is simple. If my personal data has been compromised, I deserve to know.

 

And just as easily as the crypto ransom cannot be traced so then can the sale of the personal database to a 3rd party.

 

Does all this mean I’m throwing Garmin out with the bath water, no. Damn, I’ve just dropped my biggest purchase yet on a 1030 Plus 3 days ago. I love their hardware. But for me, the way they have chosen to deal with this outage I don’t agree with.

 

Side Note: I really cannot afford for my riding data to shared in case my work finds out I’ve been smashing centuries on the days I’ve been calling in sick ........

GDPR will nail them if any personal data was stolen. Patch is correct though, these types of attacks are well planned and very professional in terms of what they do.

The breaches where data is leaked have a different agenda and unless its a bunch of amateurs then they only focus on their objectives.

Posted

Most often these system are very modular.

Client correspondence would likely be its own application talking back to the operational system via the an API.

 

In short, there is an eco-system of services. The hackers would struggle to take control of all of them. Leaving some functions operational. 

Yeah its unlikely everything was compromised, there is a lot of segregation of systems and different teams with different permissions manage everything, so no one person should be able to get to everything.

 

Worst case scenario with getting a message out from an official channel like a webpage is 24 hours in terms of shifting DNS records to point to another server with a backup copy of the site running.

Posted

GDPR will nail them if any personal data was stolen. Patch is correct though, these types of attacks are well planned and very professional in terms of what they do.

The breaches where data is leaked have a different agenda and unless its a bunch of amateurs then they only focus on their objectives.

Not anymore... Becoming more the norm to take data as well. Data being used as leverage.

 

 

https://www.zdnet.com/article/ransomware-warning-now-attacks-are-stealing-data-as-well-as-encrypting-it/

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Settings My Forum Content My Followed Content Forum Settings Ad Messages My Ads My Favourites My Saved Alerts My Pay Deals Help Logout