trending Market Intelligence /marketintelligence/en/news-insights/trending/y4hm3zj0jn1ekhbbzk4vqq2 content esgSubNav
In This List

Garmin's Navionics inadvertently exposed customer data, cybersecurity firm says

Case Study

Financial Data Provider Quickly Realizes Value of Upgraded Charting Solution


Insight Weekly: Sustainable bonds face hurdles; bad loans among landlords; AI investments up


European banking sector outlook 2023


No disruption on the road to digitization

Garmin's Navionics inadvertently exposed customer data, cybersecurity firm says

Garmin Ltd.-owned Italian marine navigation firm Navionics SpA inadvertently exposed 19 gigabytes worth of sensitive customer and product data after a misconfiguration incident on its MongoDB platform last month, according to a blog post by cybersecurity firm Hacken.

The incident reportedly exposed 261,259 unique customers, including email addresses, names in some cases, purchased products IDs, and user IDs. Apart from customer data, the database also included information like application version and platform used, device ID, longitude and latitude, boat speed, a navigation device, horizontal accuracy, and other navigation details.

Bob Diachenko, Hacken's cyber risk research director, discovered the incident on Sept. 10 and said he sent a responsible disclosure notification to Navionics when he identified the owner of the dataset the next day.

In a statement to Hacken, Navionics said it "takes data protection very seriously" and that it has "immediately investigated and resolved the vulnerability."

The company also confirmed that none of its records or data were accessed, exfiltrated or lost. Navionics said it e-mailed affected customers by Oct. 8.

Hacken said the incident is unlikely to affect current Navionics customers because the database remained intact upon discovery of the incident.

Garmin acquired Navionics in October 2017.