trending Market Intelligence /marketintelligence/en/news-insights/trending/y4hm3zj0jn1ekhbbzk4vqq2 content esgSubNav
In This List

Garmin's Navionics inadvertently exposed customer data, cybersecurity firm says

Blog

Global 5G Survey: Operators push past COVID-19 to accelerate 5G network upgrades

Blog

Banking Essentials Newsletter 2021: December Edition

Blog

Investment Banking Essentials Newsletter 2021: December Edition

Blog

Asian content carving a bigger space in global video scene


Garmin's Navionics inadvertently exposed customer data, cybersecurity firm says

Garmin Ltd.-owned Italian marine navigation firm Navionics SpA inadvertently exposed 19 gigabytes worth of sensitive customer and product data after a misconfiguration incident on its MongoDB platform last month, according to a blog post by cybersecurity firm Hacken.

The incident reportedly exposed 261,259 unique customers, including email addresses, names in some cases, purchased products IDs, and user IDs. Apart from customer data, the database also included information like application version and platform used, device ID, longitude and latitude, boat speed, a navigation device, horizontal accuracy, and other navigation details.

Bob Diachenko, Hacken's cyber risk research director, discovered the incident on Sept. 10 and said he sent a responsible disclosure notification to Navionics when he identified the owner of the dataset the next day.

In a statement to Hacken, Navionics said it "takes data protection very seriously" and that it has "immediately investigated and resolved the vulnerability."

The company also confirmed that none of its records or data were accessed, exfiltrated or lost. Navionics said it e-mailed affected customers by Oct. 8.

Hacken said the incident is unlikely to affect current Navionics customers because the database remained intact upon discovery of the incident.

Garmin acquired Navionics in October 2017.