What is going on with Garmin Connect? (https://www.bikeforums.net/road-cycling/1208321-what-going-garmin-connect.html)

msu2001la 07-26-20 11:12 AM


Originally Posted by GlennR (Post 21607689)
Come on guys... it's just personal cycling statistics. It's not like your retirement account or medical records.

And if the data is so critical to you, you should have a backup in a secure location and not rely on any 3rd party to be the only source and to protect it. The larger the collective data, the larger the target.

If I lost all of my Garmin history, it wouldn't make a difference in my life.

I'm not worried about losing my data, nor am I worried about losing access to Garmin's online services for a few days. These are mild inconveniences at best.

What worries me is who else might have access to the trove of personal data that Garmin has.

In addition to the standard online account stuff like phone numbers, IP addresses, billing addresses, email addresses, passwords, credit card info there are some more unique things in the data that Garmin collects via devices and uploads:
Age, height, weight, gender, heart rate, fitness history, power meter readings, GPS verified location tracks, lists of bikes and equipment that we all own, how frequently/far we ride them, who else we ride with, etc. In some cases, emergency contact info. Some devices collect additional data like sleep schedules, VO2 numbers, and so on.

All of that personal data may or may not be in the hands of Russian hackers.

njkayaker 07-26-20 12:54 PM


Originally Posted by msu2001la (Post 21607824)
I'm not worried about losing my data, nor am I worried about losing access to Garmin's online services for a few days. These are mild inconveniences at best.

What worries me is who else might have access to the trove of personal data that Garmin has.

In addition to the standard online account stuff like phone numbers, IP addresses, billing addresses, email addresses, passwords, credit card info there are some more unique things in the data that Garmin collects via devices and uploads:
Age, height, weight, gender, heart rate, fitness history, power meter readings, GPS verified location tracks, lists of bikes and equipment that we all own, how frequently/far we ride them, who else we ride with, etc. In some cases, emergency contact info. Some devices collect additional data like sleep schedules, VO2 numbers, and so on.

All of that personal data may or may not be in the hands of Russian hackers.

It doesn't seem like the ransomware scum care about the data.

Since backups might be compromised, a fair amount of data might be unrecoverable.

Why would Russian hackers care about sleep schedules and VO2 numbers?

Bah Humbug 07-26-20 01:06 PM

If they were after the data itself, they wouldn't announce themselves by encrypting it and demanding ransom; they'd be silently siphoning it off for as long as possible.

Wooderson 07-26-20 01:30 PM


Originally Posted by msu2001la (Post 21607824)
I'm not worried about losing my data, nor am I worried about losing access to Garmin's online services for a few days. These are mild inconveniences at best.

What worries me is who else might have access to the trove of personal data that Garmin has.

In addition to the standard online account stuff like phone numbers, IP addresses, billing addresses, email addresses, passwords, credit card info there are some more unique things in the data that Garmin collects via devices and uploads:
Age, height, weight, gender, heart rate, fitness history, power meter readings, GPS verified location tracks, lists of bikes and equipment that we all own, how frequently/far we ride them, who else we ride with, etc. In some cases, emergency contact info. Some devices collect additional data like sleep schedules, VO2 numbers, and so on.

All of that personal data may or may not be in the hands of Russian hackers.

If you're worried about that information being compromised, you shouldn't upload it to Garmin, or any other service.

msu2001la 07-26-20 02:05 PM


Originally Posted by Wooderson (Post 21608055)
If you're worried about that information being compromised, you shouldn't upload it to Garmin, or any other service.

Of course I know that there's always a risk of data being compromised. That doesn't mean I have to forego any discussion or opinion on it, or accept it as a given outcome.

msu2001la 07-26-20 02:10 PM


Originally Posted by njkayaker (Post 21607996)
It doesn't seem like the ransomware scum care about the data.

Since backups might be compromised, a fair amount of data might be unrecoverable.

Why would Russian hackers care about sleep schedules and VO2 numbers?

Hackers probably don't care about any of it, but they might think it's something they can sell to someone who does.
It doesn't seem like a huge stretch to think that other companies, not to mention health/life insurance companies might be interested in getting their hands on data like this.

Wooderson 07-26-20 02:43 PM


Originally Posted by msu2001la (Post 21608120)
That doesn't mean I have to forego any discussion or opinion on it, or accept it as a given outcome.

I don't think I suggested that you "forego any discussion or opinion", at least I didn't mean to.

njkayaker 07-26-20 03:04 PM


Originally Posted by msu2001la (Post 21608125)
Hackers probably don't care about any of it, but they might think it's something they can sell to someone who does.

If they could sell it, they'd care about it. Who would buy sleep schedules and VO2 numbers?


Originally Posted by msu2001la (Post 21608125)
It doesn't seem like a huge stretch to think that other companies, not to mention health/life insurance companies might be interested in getting their hands on data like this.

Actually, it's kind of nutty to think that insurance companies are going to buy this information from hackers.

Chi_Z 07-26-20 03:04 PM


Originally Posted by Marcus_Ti (Post 21607734)
Well I would lose track of how many miles I have on the present chain...

try probikegarage, it syncs with Strava and you can track every little thing on a bike and setting up service reminders

kcblair 07-26-20 05:22 PM


Originally Posted by Chi_Z (Post 21608230)
try probikegarage, it syncs with Strava and you can track every little thing on a bike and setting up service reminders

Yep, great app. KB

GeneO 07-26-20 07:55 PM


Originally Posted by Bah Humbug (Post 21608011)
If they were after the data itself, they wouldn't announce themselves by encrypting it and demanding ransom; they'd be silently siphoning it off for as long as possible.

Or they can just sell it on the dark web for additional money besides the ransom or to punish Garmin for not paying it.

August West 07-26-20 11:10 PM

Looks like things are back online and no data loss that I can see. Able to upload saved files from memory on my Edge.

njkayaker 07-27-20 04:25 AM


Originally Posted by GeneO (Post 21608724)
Or they can just sell it on the dark web for additional money besides the ransom or to punish Garmin for not paying it.

Beyond things like credit card info, data like sleep schedules and how fast you ride is worthless to other people.

===============================

Ransomware is like threatening to burn your house down. It’s easy and nonspecific.

Stealing data is like needing to know where the jewels and money are hidden.

njkayaker 07-27-20 04:38 AM


Originally Posted by scott967 (Post 21605746)
Garmin used to have a windows program that you could load all your rides into, also had mapping and could display your routes.

Good info on what happened here: https://www.bleepingcomputer.com/new...omware-attack/

scott s.
.

BaseCamp?

That still exists (but there isn’t much active work being done on it now).

There are programs from other people too.

The data is just files (which you can store on your computer).

roth rothar 07-27-20 05:46 AM


Originally Posted by August West (Post 21608937)
Looks like things are back online and no data loss that I can see. Able to upload saved files from memory on my Edge.

Yes I connected with the server this morning. It is a little slow and I had to try twice, probably because of heavy traffic.

Marcus_Ti 07-27-20 06:19 AM


Originally Posted by njkayaker (Post 21609048)
Beyond things like credit card info, data like sleep schedules and how fast you ride is worthless to other people.

===============================

Ransomware is like threatening to burn your house down. It’s easy and nonspecific.

Stealing data is like needing to know where the jewels and money are hidden.

People have used Strava data to pinpoint which houses to hit for bike grand larceny.

Where you live and how many bikes you have is all thieves need to know to case your house. One of my riding mates lost $6K of tools and bikes out of their garage--no one else in their area was hit and everything was locked. Because GPS data plus knowing there are valuable bikes there is all you need.


Originally Posted by August West (Post 21608937)
Looks like things are back online and no data loss that I can see. Able to upload saved files from memory on my Edge.

Well that was short-lived... nothing here as of now.

Hypno Toad 07-27-20 06:53 AM

People are targeted by thieves using social media and GPS platforms, this is nothing new. Based on analysis available, I highly doubt Russian or Chinese hackers are interested in stealing your bike stash. They would love your passwords, credit cards, and use your Garmin data to social engineer breaches into other organizations. Frankly, social engineering is the top of my threat lists, Garmin is very popular and could easily give hackers a path into more critical systems around the world.

EDIT - additional info (I've added the bold to the quote to the point of the post above): "WastedLocker is a new kind of ransomware, detailed by security researchers at Malwarebytes in May, operated by a hacker group known as Evil Corp. Like other file-encrypting malware, WastedLocker infects computers, and locks the user’s files in exchange for a ransom, typically demanded in cryptocurrency.

Malwarebytes said that WastedLocker does not yet appear to have the capability to steal or exfiltrate data before encrypting the victim’s files, unlike other, newer ransomware strains. That means companies with backups may be able to escape paying the ransom. But companies without backups have faced ransom demands as much as $10 million."
https://techcrunch.com/2020/07/25/ga...mware-sources/

njkayaker 07-27-20 06:54 AM


Originally Posted by Marcus_Ti (Post 21609123)
People have used Strava data to pinpoint which houses to hit for bike grand larceny.

Where you live and how many bikes you have is all thieves need to know to case your house. One of my riding mates lost $6K of tools and bikes out of their garage--no one else in their area was hit and everything was locked. Because GPS data plus knowing there are valuable bikes there is all you need.

None of these are sleep schedules or VO2 data.

I didn't say none of the data has value (I even listed some!)

The location data might be useful but its usefulness is local. Which reduces the value of it being sold.

It's also possible that the thieves who hit your friend didn't use GPS data.

NoWhammies 07-27-20 08:53 AM

Looks like the server is back online. I was able to log in this morning. Still no word though on the nature / extent of the breach. I'd like to know if all of my information is out there and what, if anything, is being done about it.

GlennR 07-27-20 09:32 AM


Originally Posted by NoWhammies (Post 21609336)
Looks like the server is back online. I was able to log in this morning. Still no word though on the nature / extent of the breach. I'd like to know if all of my information is out there and what, if anything, is being done about it.

Nope... still down.

msu2001la 07-27-20 09:59 AM


Originally Posted by njkayaker (Post 21609152)
None of these are sleep schedules or VO2 data.

I didn't say none of the data has value (I even listed some!)

The location data might be useful but its usefulness is local. Which reduces the value of it being sold.

It's also possible that the thieves who hit your friend didn't use GPS data.

My post also noted many other data points that Garmin collects, that hackers may have accessed.

The focus on VO2 and sleep schedules as specific items from my post to nitpick was your choice, but I agree that those two items would have less value than others, and may not have any actual value at all.

None of this makes it any less concerning that lots of personal user data was potentially compromised, which was my entire point.

msu2001la 07-27-20 10:12 AM


Originally Posted by Marcus_Ti (Post 21609123)
People have used Strava data to pinpoint which houses to hit for bike grand larceny.

Where you live and how many bikes you have is all thieves need to know to case your house. One of my riding mates lost $6K of tools and bikes out of their garage--no one else in their area was hit and everything was locked. Because GPS data plus knowing there are valuable bikes there is all you need.

Good example.
Although we can set up "privacy zones" within Strava/Garmin, and keep equipment descriptions somewhat vague as basic security measures, the raw data still includes the actual start/stop points. The privacy zone just prevents it from being broadcast to other users.

In the event of a data breach, it would be very easy for someone to sort through GPS data to single out and pinpoint the location of high-mileage/frequency riders that log rides on multiple bikes. Combine that with day/time info on when they're typically out riding...

GlennR 07-27-20 11:07 AM

You guys are obsessing over Garmin data, imagine if they got your Google or Apple data. Everywhere you go, everything you look at.

As it was said, George Orwell would be shocked at the amount of personal information we give away for free. And the interweb never forgets.

Anyone pay any of those DNA services?

Hypno Toad 07-27-20 11:45 AM


Originally Posted by msu2001la (Post 21609454)
Good example.
Although we can set up "privacy zones" within Strava/Garmin, and keep equipment descriptions somewhat vague as basic security measures, the raw data still includes the actual start/stop points. The privacy zone just prevents it from being broadcast to other users.

In the event of a data breach, it would be very easy for someone to sort through GPS data to single out and pinpoint the location of high-mileage/frequency riders that log rides on multiple bikes. Combine that with day/time info on when they're typically out riding...

Quoting my post earlier today (I've added the bold to highlight the point):


Originally Posted by Hypno Toad (Post 21609151)
People are targeted by thieves using social media and GPS platforms, this is nothing new. Based on analysis available, I highly doubt Russian or Chinese hackers are interested in stealing your bike stash. They would love your passwords, credit cards, and use your Garmin data to social engineer breaches into other organizations. Frankly, social engineering is the top of my threat lists, Garmin is very popular and could easily give hackers a path into more critical systems around the world.

EDIT - additional info (I've added the bold to the quote to the point of the post above): "WastedLocker is a new kind of ransomware, detailed by security researchers at Malwarebytes in May, operated by a hacker group known as Evil Corp. Like other file-encrypting malware, WastedLocker infects computers, and locks the user’s files in exchange for a ransom, typically demanded in cryptocurrency.

Malwarebytes said that WastedLocker does not yet appear to have the capability to steal or exfiltrate data before encrypting the victim’s files, unlike other, newer ransomware strains. That means companies with backups may be able to escape paying the ransom. But companies without backups have faced ransom demands as much as $10 million."
https://techcrunch.com/2020/07/25/ga...mware-sources/

For reference: Social Engineering

njkayaker 07-27-20 12:17 PM


Originally Posted by msu2001la (Post 21609441)
The focus on VO2 and sleep schedules as specific items from my post to nitpick was your choice, ...

I focused on them because they were especially nutty nits! They are your nits!

If it bothers you that somebody pointed that out, maybe, you shouldn't have mentioned them!


Originally Posted by msu2001la (Post 21609441)
... but I agree that those two items would have less value than others, and may not have any actual value at all.

Again, you mentioned them. And you suggested that insurance companies would illegally buy the info from criminals.

They don't have any value to anybody. Why mention them?


Originally Posted by msu2001la (Post 21609441)
None of this makes it any less concerning that lots of personal user data was potentially compromised, which was my entire point.

It exaggerates the risk in a meaningless way. And it's funny!


All times are GMT -6.