Calloway data breach sees over a million golf fans afffected

A blue color image of a person trying to log into a protected laptop.
(Image credit: Shutterstock/JARIRIYAWAT)

American sports gear giant Topgolf Callaway suffered a data breach last month that exposed sensitive data belonging to more than a million customers.

The company sent a notification email to the victims last week, explaining what had happened and what the company was doing about it.

In the email, it was said that an unknown malicious third party made its way into the company’s systems on August 1, in an event that affected the availability of some of its e-commerce services. Furthermore, the attackers stole sensitive user data including full names, shipping addresses, email addresses, phone numbers, order histories, account passwords, and answers to security questions. Payment information, government ID information, or Social Security Numbers (SSN), were not taken, the notice reads.

Forced password reset

The incident affected not just Callaway, but a couple of other brands under its umbrella, such as Odyssey, Ogio, and Callaway Gold Preowned. A total of 1,114,954 individuals were affected by the breach.

Due to the fact that the attackers took passwords and answers to security questions, Callaway reset everyone’s login credentials and forced users to set up a new password on next login. 

Callaway specializes in golf gear such as clubs, balls, gloves, caps, balls, and more, BleepingComputer reported. The company services more than 70 countries around the world, and counts some 25,000 employees. Its annual revenue exceeds $1.2 billion.

We don’t know if the incident is a ransomware attack, but given that some of the company’s e-commerce services were affected, it is a strong possibility. Yet, no ransomware groups have yet taken responsibility for the attack, or tried to sell the database on the dark web. Still, the data taken can be used in identity theft and phishing attacks, so it’s unlikely it won’t surface somewhere on the dark web.

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.