Garmin Hack: Credit Card Details et al nicked





Page 1 of 2 1 2 LastLast
Results 1 to 20 of 23
  1. #1
    Join Date
    Aug 2014
    Location
    Bloemfontein
    Posts
    339
    Thanked: 137

    Default Garmin Hack: Credit Card Details et al nicked

    So I got this email in my junk folder yesterday saying that Garmin has been hacked and that the hackers got away with inter alia, credit card numbers, CVV, expiry date, names, address etc. In short everything that is needed to go on a massive shopping spree.

    I mailed Garmin who confirmed it was not a phising exercise and I see that mybroadand also did an article on it.

    https://mybroadband.co.za/news/secur...ls-stolen.html

    This will affect all safas who have bought from their website (Like me)

    Cheers


    2014 Toyota Hilux DC 4x4 - Legend 45
    2010 Jeep Wrangler Unlimited - Mountain Edition (Sold...)
    Bloemfontein

  2. The Following 2 Users Say Thank You to JeeperCreepers For This Useful Post:


  3. #2
    Join Date
    Jun 2013
    Location
    Pretoria
    Age
    40
    Posts
    270
    Thanked: 4

    Default Re: Garmin Hack: Credit Card Details et al nicked

    Yeah , I had the same e-mail, and all they can say is sorry, check you account statement for fraudelent transactions! I asked them to share the actual leaked data for my account so I know which card to check. So far no response. I think this is terrible from Garmin...
    Regards
    Jannas

    Nissan Terrano II 2.7 TDI - 2000 - ex
    Nissan Qashqai 2.0 Acenta (petrol) - 2012
    Nissan 1400 Champ - 1996





  4. #3
    Join Date
    Aug 2014
    Location
    Bloemfontein
    Posts
    339
    Thanked: 137

    Default Re: Garmin Hack: Credit Card Details et al nicked

    Yip, pretty poor showing from Garmin. In any event. Cancelled my card this morning with no fishy transactions. Guess that is one of the many risks one takes with online shopping?


    2014 Toyota Hilux DC 4x4 - Legend 45
    2010 Jeep Wrangler Unlimited - Mountain Edition (Sold...)
    Bloemfontein

  5. #4
    Join Date
    Nov 2015
    Location
    Edenvale
    Age
    32
    Posts
    495
    Thanked: 508

    Default Re: Garmin Hack: Credit Card Details et al nicked

    Why the hell are they storing cvv numbers in the first place?
    2011 Freelander 2 SE
    Swambo : 2012 BMW 530d Msport("the beast")

  6. The Following 5 Users Say Thank You to lizardalpha For This Useful Post:


  7. #5
    Join Date
    Jul 2012
    Location
    Randburg
    Age
    42
    Posts
    1,657
    Thanked: 176

    Default Re: Garmin Hack: Credit Card Details et al nicked

    Quote Originally Posted by lizardalpha View Post
    Why the hell are they storing cvv numbers in the first place?
    +10000

    I wonder if the data was stored in plain text or was it encrypted?
    Touareg V10
    KTM 1290 Super Adventure R

  8. The Following User Says Thank You to SpiderGear For This Useful Post:


  9. #6
    Join Date
    Nov 2015
    Location
    Edenvale
    Age
    32
    Posts
    495
    Thanked: 508

    Default Re: Garmin Hack: Credit Card Details et al nicked

    Quote Originally Posted by SpiderGear View Post
    +10000

    I wonder if the data was stored in plain text or was it encrypted?
    If they are warning their customers it must have been plain text. If it was encrypted then it should not have been a problem.
    2011 Freelander 2 SE
    Swambo : 2012 BMW 530d Msport("the beast")

  10. The Following User Says Thank You to lizardalpha For This Useful Post:


  11. #7
    Join Date
    Apr 2015
    Location
    Johannesburg
    Posts
    676
    Thanked: 250

    Default Re: Garmin Hack: Credit Card Details et al nicked

    Quote Originally Posted by lizardalpha View Post
    If they are warning their customers it must have been plain text. If it was encrypted then it should not have been a problem.
    Do they give any details about an affected time period ?

    I bought something just over 2 years ago from them.
    Discovery 1 1996 V8i (Sold, owned for 20 years); Freelander 2 2013 SD4 SE; Discovery 4 2014 SDV6 SE; Bushlapa Boskriek


  12. #8
    Join Date
    Nov 2015
    Location
    Edenvale
    Age
    32
    Posts
    495
    Thanked: 508

    Default Re: Garmin Hack: Credit Card Details et al nicked

    Quote Originally Posted by Jola View Post
    Do they give any details about an affected time period ?

    I bought something just over 2 years ago from them.
    No time period. Probably all data.
    2011 Freelander 2 SE
    Swambo : 2012 BMW 530d Msport("the beast")

  13. #9
    Join Date
    Aug 2014
    Location
    Bloemfontein
    Posts
    339
    Thanked: 137

    Default Re: Garmin Hack: Credit Card Details et al nicked

    Quote Originally Posted by lizardalpha View Post
    Why the hell are they storing cvv numbers in the first place?
    Good question.

    Quote Originally Posted by SpiderGear View Post
    +10000

    I wonder if the data was stored in plain text or was it encrypted?
    Not sure. The email is pretty vague

    Quote Originally Posted by Jola View Post
    Do they give any details about an affected time period ?

    I bought something just over 2 years ago from them.
    Quote Originally Posted by lizardalpha View Post
    No time period. Probably all data.
    I would not take any chances. A cancelled CC is an inconvenience, a maxed out CC is an effup of epic proportions


    2014 Toyota Hilux DC 4x4 - Legend 45
    2010 Jeep Wrangler Unlimited - Mountain Edition (Sold...)
    Bloemfontein

  14. #10
    Join Date
    Nov 2010
    Location
    Pretoria
    Age
    43
    Posts
    1,503
    Thanked: 145

    Default Re: Garmin Hack: Credit Card Details et al nicked

    I don't get it, has anybody checked in the privacy policy if they state that they store these details? What is also weird is that most sites do not handle the transactions themselves - they use a payment gateway like payfast etc. On my website for instance those details are not part of what we capture. And the payment gateways also do not store the CVV.

  15. The Following User Says Thank You to Wicd For This Useful Post:


  16. #11
    Join Date
    Aug 2009
    Location
    Gaborone
    Age
    69
    Posts
    6,751
    Thanked: 959

    Default Re: Garmin Hack: Credit Card Details et al nicked

    Quote Originally Posted by Jola View Post
    Do they give any details about an affected time period ?

    I bought something just over 2 years ago from them.
    How long is your card valid?
    I mean the cvv changes with a new issue, some banks (FNB) even change the card number (last 4 digits).
    Kalahari Safari
    ORRA Call: WB58 | ICASA ZRF430
    Nissan Patrol GU TB45
    | Nissan Safari GU TD42 | B'rakah 4x4 Trailer
    E34 - 535i for a bit of nostalgia
    E39 - 540i for the open roads

  17. #12
    Join Date
    Aug 2014
    Location
    Bloemfontein
    Posts
    339
    Thanked: 137

    Default Re: Garmin Hack: Credit Card Details et al nicked

    Quote Originally Posted by Wicd View Post
    I don't get it, has anybody checked in the privacy policy if they state that they store these details? What is also weird is that most sites do not handle the transactions themselves - they use a payment gateway like payfast etc. On my website for instance those details are not part of what we capture. And the payment gateways also do not store the CVV.
    From Garmin's website. Doesn't mention storing credit card details

    When You Make an Account
    Garmin stores information such as your name, email address and passwords so you can sign in, and it helps us verify your account if you call customer support.

    When You Buy Products
    When you buy products from Garmin, we ask for information such as your name, address and phone number so we can get your order processed and shipped to you.


    When You Sync Products
    When you sync your device, we collect data such as your IP address, sync time and date and battery level to help identify and resolve errors or syncing issues and to provide better customer support.

    When You Contact Garmin
    We know you want to stay off the grid, but we may collect things such as your contact and device information during support calls to ensure that you get the help you need.

    When You Use Location Features
    Sometimes we need to collect your device’s location. That makes it a lot easier to tell you about things such as weather in your area, nearby traffic and even movie prices near you.

    When You Use Auto Navigation
    With your consent, Garmin collects information that includes location, direction and speed to help with features such as parking and traffic.

    As a matter of fact they state that they do not store credit card details

    Personal data that is processed when you purchase a product or service on a Garmin website or app or through customer support:
    If you purchase a product or service on a Garmin website or app or through customer support, then Garmin will collect your name, address and telephone number. We do not view or store your payment card information. A third party, Adyen, processes customer payment information when Garmin customers make a purchase on a Garmin website or app or through customer support. We recommend you carefully review Adyen’s Privacy Policy. More information about Adyen can be found here. Another third party, Narvar, provides shipment information to allow you to track items purchased from a Garmin website or purchased, repaired, or exchanged through customer support. We recommend you carefully review Narvar’s Privacy Policy.
    Last edited by JeeperCreepers; 2019/09/13 at 01:26 PM.


    2014 Toyota Hilux DC 4x4 - Legend 45
    2010 Jeep Wrangler Unlimited - Mountain Edition (Sold...)
    Bloemfontein

  18. The Following 2 Users Say Thank You to JeeperCreepers For This Useful Post:


  19. #13
    Join Date
    Apr 2010
    Location
    Johannesburg
    Posts
    283
    Thanked: 632

    Default Re: Garmin Hack: Credit Card Details et al nicked

    Quote Originally Posted by JeeperCreepers View Post
    Yip, pretty poor showing from Garmin. In any event. Cancelled my card this morning with no fishy transactions. Guess that is one of the many risks one takes with online shopping?
    This should not be an issue... ever...

    They had to go out of their way and do something really stupid to allow that information to be stolen...
    "The problem with internet quotes is that they are very often unverified."
    -Abraham Lincoln

  20. The Following User Says Thank You to MarcR For This Useful Post:


  21. #14
    Join Date
    Jan 2007
    Location
    Cape Town
    Posts
    1,445
    Thanked: 301

    Default Re: Garmin Hack: Credit Card Details et al nicked

    Aaaaaaaaaaaaand that is why we have the schlepp of PCI DSS compliance and pen-testing and overpaid QSAs and all that.

    This is simply not good enough. No excuses.

  22. The Following User Says Thank You to dph For This Useful Post:


  23. #15
    Join Date
    Nov 2010
    Location
    Pretoria
    Age
    43
    Posts
    1,503
    Thanked: 145

    Default Re: Garmin Hack: Credit Card Details et al nicked

    We do not view or store your payment card information. A third party, Adyen, processes customer payment information when Garmin customers make a purchase on a Garmin website or app or through customer support.


    This is pretty standard. So the details should not be anywhere on Garmin's system.

  24. #16
    Join Date
    Jul 2010
    Location
    Pretoria
    Age
    45
    Posts
    10
    Thanked: 1

    Default Re: Garmin Hack: Credit Card Details et al nicked

    Well, thanks to Garmin I was on the phone at 23:46 last Friday to report suspicious transactions on my credit card. The bank said that there was Emirates flight tickets booked through Travelstart in Cape Town with my credit card details.

    Fortunately I was quick enough in picking it up that no actual payments went through although the payments was authorized.

    Very disappointing as I have had excellent service from Garmin SA a couple of times.

  25. #17
    Join Date
    Aug 2014
    Location
    Bloemfontein
    Posts
    339
    Thanked: 137

    Default Re: Garmin Hack: Credit Card Details et al nicked

    Quote Originally Posted by Martinus vd Reyden View Post
    Well, thanks to Garmin I was on the phone at 23:46 last Friday to report suspicious transactions on my credit card. The bank said that there was Emirates flight tickets booked through Travelstart in Cape Town with my credit card details.

    Fortunately I was quick enough in picking it up that no actual payments went through although the payments was authorized.

    Very disappointing as I have had excellent service from Garmin SA a couple of times.
    Close call and yes, very disappointing


    2014 Toyota Hilux DC 4x4 - Legend 45
    2010 Jeep Wrangler Unlimited - Mountain Edition (Sold...)
    Bloemfontein

  26. #18
    Join Date
    Sep 2014
    Location
    Emalahleni
    Age
    64
    Posts
    275
    Thanked: 113

    Default Re: Garmin Hack: Credit Card Details et al nicked

    I will never support their online store again.
    Forget about recommending them.....
    Companies must feel a drop in profits before they will act responsibly.
    My card is stitched off now.

  27. #19
    Join Date
    Feb 2016
    Location
    Somerset West
    Age
    47
    Posts
    359
    Thanked: 117

    Default Re: Garmin Hack: Credit Card Details et al nicked

    From another forum it appears as though they were hacked some time ago and a javascript installed that sent the entered information to a 3rd party.

    So the sale would go through and your entered info sent to somewhere else.

    Your info was "technically" not stored, but simply taken as you entered it.

    But still bad form by Garmin.

    And since garmin is well supported, it is not like we can stop using Garmin products to make them feel the pinch.

  28. #20
    Join Date
    Aug 2014
    Location
    Bloemfontein
    Posts
    339
    Thanked: 137

    Default Re: Garmin Hack: Credit Card Details et al nicked

    Garmin statement regarding data security incident in South Africa

    September 13, 2019
    Garmin recently became aware of a theft of customer data as part of a criminal cyberattack that affected customers who placed an order through shop.garmin.co.za. This e-commerce site was operated by a third-party on behalf of Garmin South Africa.

    Promptly after learning of this incident, we immediately shut down the impacted system, began an investigation, and contacted the South African Information Regulator.

    While Garmin does not store credit card information, the unauthorized party leveraged virtual skimming technology to capture customer details at the time of input, including credit card information.

    The compromised data was limited to Garminís South Africa website which uses a separate e-commerce system operated by a third-party. This incident affected less than 6,700 customers in South Africa and does not affect customers who purchased from other Garmin websites in other regions.

    We take our obligation to safeguard personal data very seriously and regret any inconvenience this may have caused our customers. We are in communication with our South African customers who may have been affected by this issue and are working on safeguards to prevent future attacks.


    2014 Toyota Hilux DC 4x4 - Legend 45
    2010 Jeep Wrangler Unlimited - Mountain Edition (Sold...)
    Bloemfontein

Page 1 of 2 1 2 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •