Cyber Incident Victim: Garmin
Date: Sep 2019
Location: South Africa
Summary
A cybersecurity breach impacted a South African online store operated by Garmin, where attackers deployed card-skimming technology to intercept customers’ payment and personal information during transactions. The compromised data included full credit card details, addresses, phone numbers, and email addresses, affecting fewer than 6,700 individuals. The incident stemmed from a third-party contractor managing the Magento-based portal, which had known vulnerabilities enabling prolonged malware operation. The company isolated the breach to the regional site, took the portal offline, and notified relevant authorities. No other global systems or customer data were affected by this intrusion.
Description
On or around September 12, 2019, Garmin experienced a security breach affecting customers who used its South African online store at shop.garmin.co.za. Attackers deployed card-skimming technology to intercept customers' payment details as they entered information during transactions. The compromised data included full credit card information, home addresses, phone numbers, and email addresses—sufficient to enable fraudulent card activity. Garmin's investigation determined the incident impacted fewer than 6,700 customers. The breach stemmed from a third-party contractor responsible for operating the South African web portal, which utilized the Magento e-commerce platform known for documented security vulnerabilities. Attackers exploited these weaknesses to implant skimming malware capable of operating undetected for extended periods. Garmin confirmed the breach was geographically isolated to South Africa with no impact on other regional systems or customer data.

Garmin responded by immediately shutting down the compromised South African web portal upon detecting the breach. The company notified relevant regulatory authorities and initiated direct communications with affected customers, advising them to monitor their payment card statements for unauthorized transactions. No evidence suggested broader compromise of Garmin's corporate networks or primary customer databases. The incident highlighted risks associated with third-party-operated systems, as the contractor-managed Magento instance became the intrusion vector. Forensic analysis confirmed the skimming operation exclusively targeted data entered during checkout processes on the South African storefront. Garmin did not disclose the exact timeframe during which attackers harvested data but emphasized containment through the portal's deactivation and ongoing coordination with payment processors to mitigate fraud risks.
