Garmin Shipping Navigation Unit Suffers Breach

By  |  October 9, 2018
 | 
garmin-boat,jpg

Navionics, an Italian company that manufactures electronic navigational charts for boating, was the victim of customer data breach that exposed hundreds of thousands of customer records.

    Get the Full Story

    Complete the form to unlock this article and enjoy unlimited free access to all PYMNTS content — no additional logins required.

    yesSubscribe to our daily newsletter, PYMNTS Today.

    By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions.

    Bob Diachenko, Hacken.io’s director of cyber risk research, revealed in a blog post that the company’s MongoDB database wasn’t secured with password protection, which meant anyone could access and download its data.

    Navionics, which was recently acquired by tech giant Garmin, offers boat, yacht and ship owners access to real-time navigation charts through the “world’s largest cartography database.”

    The 19 gigabyte database contained more than 260,000 records, including customer names and email addresses. In addition, it provided information about their boat — latitude and longitude, boat speed and other navigational details — which Diachenko said was likely updating in real-time.

    Once discovering the breach, Diachenko contacted the company and Navionics immediately shut down the server.

    “Navionics takes data protection very seriously, and we are grateful that Mr. Diachenko notified us of this misconfiguration using the responsible disclosure model,” the company said in a statement. “Once notified, we immediately investigated and resolved the vulnerability. Following our investigation, we confirmed that none of the records or data were otherwise accessed or exfiltrated, and none of the data was lost. Even so, Navionics still notified affected customers via e-mail by October 8, 2018.”

    Advertisement: Scroll to Continue

    As one of the most widely used database providers in the world, many exposed MongoDB databases have been accessed by hackers, according to reports.

    “The main takeaway from this is the importance of security at every stage of your development process,” wrote Diachenko. “It should not even be argued that your development network must be one of your most secure networks, for it contains your intellectual property.  As we learned from this incident, one never knows when transient firewall rules may inadvertently expose your development machines to the public. In this case, it appears to have only exposed some pieces of personal information, but for others, it could be critical intellectual property or even your entire subscriber base that could be exposed.”


    Recommended

    Hersheys Dubai Chocolate

    The Holiday Dinner Set for the Ultra-High-End Digital Chef

    OCC Aims to Reform Liquidity Risk Management and Anti-Money Laundering Compliance

    Walmart Completes Street-Front Retail Lineup at New Corporate Campus

    Conversational AI Becomes New Front Door for Holiday Shopping

    See More In: , , , , , , , ,