Welcome, Guest. Please Login or Register

Author Topic: Garmin shop data leak  (Read 428 times)

0 Members and 1 Guest are viewing this topic.

Offline IceCreamMan

  • Pawn star
  • Forum Whore
  • ****
  • Bike: Triumph (all models)
    Location: United Kingdom
  • Posts: 6,392
  • Thanked: 183 times
Garmin shop data leak
« on: September 13, 2019, 10:49:32 am »
Just a heads up. If you have ever bought from the the online za Garmin shop chances are your data has been stolen.

Name, address, card details, etc etc were stolen.
Swim.Bike.Run.Eat.Sleep
 

Offline Kortbroek

Re: Garmin shop data leak
« Reply #1 on: September 13, 2019, 10:52:32 am »
https://mybroadband.co.za/news/security/319869-garmin-south-africa-hack-credit-card-details-stolen.html

Quote
Customer data for purchases made through the Garmin South Africa shop has been stolen, according to a notice sent to affected users by the company on 12 September.

“We recently discovered theft of customer data from orders placed through shop.garmin.co.za (operated by Garmin South Africa) that compromised your personal data related to an order that you placed through the website,” Garmin SA managing director Jennifer van Niekerk told customers.

The compromised data was limited to only Garmin’s South Africa site, and contained the following information:

Payment card number
Payment card expiration date
Payment card CVV number
First name
Last name
Physical address
Phone number
Email address
The stolen data is extensive, and contains all the information required to make purchases with the victims’ credit cards.

“We recommend that you review and monitor your payment card records to make sure there were no unauthorized purchases,” van Niekerk said.

Security and apology
Van Niekerk told affected users that they should contact their bank or payment card provider for direction if they suspect that criminals have used these stolen details to make fraudulent payments.

“As a valued customer, we apologize for this incident and assure you that Garmin takes our obligation to safeguard personal data very seriously,” she told customers.

MyBroadband asked Garmin how this information was compromised and what it has done to improve its security following the theft, but the company did not immediately respond to requests for comment.
- you reckon that thing will pop a wheelie? We're about to find out, SLAP that pig!
 
The following users thanked this post: IceCreamMan

Offline JC

  • Senior Member
  • ***
  • Bike: KTM 990 Adventure
    Location: Western Cape
  • Posts: 2,231
  • Thanked: 27 times
Re: Garmin shop data leak
« Reply #2 on: September 13, 2019, 11:02:57 am »
why in the everlasting hell would they need to save your full CC AND CVV?

I wish POPI had teeth so they can get a massive fine.

 

Offline IceCreamMan

  • Pawn star
  • Forum Whore
  • ****
  • Bike: Triumph (all models)
    Location: United Kingdom
  • Posts: 6,392
  • Thanked: 183 times
Re: Garmin shop data leak
« Reply #3 on: September 13, 2019, 11:05:21 am »
why in the everlasting hell would they need to save your full CC AND CVV?

I wish POPI had teeth so they can get a massive fine.

Yip, this leads to so much shlep as you have no alternative BUT to change your card. Failing to do so could render you liable for the fraud.

What a negligent act  :lamer:
Swim.Bike.Run.Eat.Sleep
 

Offline Kortbroek

Re: Garmin shop data leak
« Reply #4 on: September 13, 2019, 11:29:38 am »
I'm surprised they don't use something like Payfast. Then none of your payment details are stored on the vendor site and it all goes via a 3rd party like payfast. Makes your security on your site much easier.
- you reckon that thing will pop a wheelie? We're about to find out, SLAP that pig!
 

Offline Fuzzy Muzzy

  • Merchandisers
  • Forum Whore
  • *
  • Bike: Honda TransAlp XL700V
    Location: Western Cape
  • Posts: 9,165
  • Thanked: 255 times
Re: Garmin shop data leak
« Reply #5 on: September 13, 2019, 12:21:27 pm »
“As a valued customer, we apologize for this incident and assure you that Garmin takes our obligation to safeguard personal data very seriously,” she told customers.

Well clearly not seriously enough   :sip:
Africa trip, Namibia, Botswana, Zambia, Malawi, Tanzania & Moz rr http://www.wilddog.za.net/forum/index.php?topic=61231.0
 

Offline Buff

Re: Garmin shop data leak
« Reply #6 on: September 13, 2019, 12:30:07 pm »
I thought that data was supposed to be encrypted?
Present bikes: BETA 300RR, KTM 690, Yamaha WR250F

If you're dumb you gotta be tough !!!
 

Offline meteldog

  • Senior Member
  • ***
  • Bike: Honda CRF-1000L Africa Twin
    Location: Western Cape
  • Posts: 674
  • Thanked: 15 times
  • Alive and kicking
    • Tankwa Biking
Re: Garmin shop data leak
« Reply #7 on: September 13, 2019, 03:26:14 pm »
Thanks for the warning.

I bought a a GPS online from them about 3 years back, but hopefully the card I used has expired, will monitor it. Still getting marketing emails from them, so yes they have my details.

Retailers who allow their customers data to be compromised should get hefty fines, this is totally unacceptable
Cathsseta certified National Adventure Guide (WC9703)
it's all about the journey, not the destination
http://www.advbike.co.za
http://www.facebook.com/groups/111787138904704/
 

Offline IceCreamMan

  • Pawn star
  • Forum Whore
  • ****
  • Bike: Triumph (all models)
    Location: United Kingdom
  • Posts: 6,392
  • Thanked: 183 times
Re: Garmin shop data leak
« Reply #8 on: September 13, 2019, 03:58:41 pm »
Well, here is a another theory.

Not so much a theft of data from Garmin per se, but when filling in card details the details were concurrently being sent to another location due to malware on the Garmin shop site.

In no means less negligent on The Garmin shop site though, possibly even more so.

But just a theory
Swim.Bike.Run.Eat.Sleep
 

Offline 2StrokeDan

  • Castrated Dog
  • ******
  • Bike: KTM 690 Adventure
    Location: Western Cape
  • Posts: 21,548
  • Thanked: 727 times
Re: Garmin shop data leak
« Reply #9 on: September 13, 2019, 04:04:07 pm »
Well, here is a another theory.

Not so much a theft of data from Garmin per se, but when filling in card details the details were concurrently being sent to another location due to malware on the Garmin shop site.

In no means less negligent on The Garmin shop site though, possibly even more so.

But just a theory

Another theory is that data is sold to another party, with software/"malware" designed to send it to the buyer.
 

Offline Beebop

  • Senior Member
  • ***
  • Bike: BMW R1150GS Adventure
    Location: Gauteng
  • Posts: 3,246
  • Thanked: 68 times
Re: Garmin shop data leak
« Reply #10 on: September 13, 2019, 04:19:40 pm »
Clearly not PCI DSS compliant.