The Garmin logo.

Garmin has confirmed that the “outage” that shut down many of its online services last Thursday, including its fitness-tracking app and parts of its website, was the result of a ransomware attack.

Many of the services were restored Monday morning, but some remained down into the afternoon. The company says it expects any remaining problems to be resolved “over the next few days.” 

“We immediately began to assess the nature of the attack and started remediation,” Garmin said in its Monday statement, adding that there’s “no indication” that any customer data, including payment information, was compromised in the attack.

More on Data Security

In addition to disrupting functions on its website, Garmin says, the attack affected operation of the Garmin Connect app, which collects and analyzes data from the company’s smartwatches and trackers. The data continued to be collected on the devices, but the attack kept them from syncing with the app.

Garmin’s call centers have also been affected, leaving the company unable to receive calls and emails, and participate in online chats. But Garmin’s GPS products and other devices weren’t affected.

As first reported by ZDNet on Thursday, some media outlets almost immediately attributed the outage to a ransomware attack, pointing to tweets allegedly posted by Garmin employees. 

Ransomware is a type of computer virus designed to infiltrate and lock down computers and the networks they’re connected to. Unless a ransom is paid, any data stored on the system remains encrypted and useless to its rightful owners. While in the past, cybercriminals have targeted individual consumers with ransomware, most have moved on to bigger, more lucrative targets, including hospitals, schools, and municipalities.

Slightly more than half of about 1,000 IT security professionals from around the world surveyed earlier this year by the email security company Mimecast said their businesses had been affected by ransomware in the previous year. Those attacks took down their systems for three days, on average. 

While many ransomware attacks go unreported, recent high-profile victims have included the University of California, San Francisco, and the city of Florence, Ala.