Garmin has been forced to shut down its call centres, website and some other online services after a ransomware attack encrypted the smartwatch maker’s internal network and some production systems.
The US company shut down services including the official Garmin website and all customer services, including phone lines, online chat and email.
The attack had a significant impact on Garmin watch owners as it also shut down the Garmin Connect service, which they rely on to synchronise their sporting activities, such as running, swimming and cycling, with a smartphone app to monitor performance.
In messages on its website and shared on Twitter, the company apologised to users and explained the extent of the shutdown.
“We are currently experiencing an outage that affects Garmin.com and Garmin Connect,” the company said. “This outage also affects our call centres and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologise for this inconvenience.”
It is not yet known if the attack involved any customer data being lost or stolen.
The attack also affected Garmin’s aviation database services, flyGarmin, which supports aviation navigational equipment, and some production lines in Asia, according to ZDnet.com.
Pilots told the tech website that they had not been able to download new Garmin software with up-to-date versions of the aviation database, which is a legal requirement for flying. The Garmin Pilot app, which is used to schedule and plan flights, was also hit by the attack.
The company has not officially said it was a ransomware attack. However company employees writing on social media after the incident all described it as such.
The Taiwanese tech news site iThome published an internal memo from Garmin’s IT staff to its Taiwan factories announcing two days of maintenance on Friday and Saturday, which sources told the website was caused by a “virus”.
Earlier this year, the foreign currency firm Travelex was attacked by ransomware hackers who threatened to release customers’ personal data, including dates of birth and payment card information, into the public domain unless the company paid a $3m (£2.4m) ransom.