HQ/EMEAFind out how we can help your business
One of the world’s leading golf gear companies, Topgolf Callaway, sustained a data breach attack last month, exposing millions of its customers’ sensitive personal and account information.
The affected entity is an American sports equipment manufacturer and seller specialising in golf-related products, such as golf balls, clubs, gloves, bags, and caps. The company has branches and retailers in over 70 countries globally.
Moreover, it is home to approximately 25,000 employees and earns a yearly revenue of over $1.2 billion.
Topgolf Callaway rolled out notification letters about the data breach to the affected individuals.
In their notification letters sent late last month, Topgolf Callaway explained that an IT system incident happened, impacting the availability of its e-commerce services and exposing customer data to an unauthorised individual.
In addition, the company assured everyone that they would take immediate action to mitigate the effects of the campaign and isolated the compromised system to contain the attackers’ access.
The confirmed customers’ data exposed during the breach includes full names, shipping addresses, email addresses, phone numbers, order histories, security questions, and account passwords.
Further investigations showed that the incident could also affect the customers of Callaway and its sub-brands, such as Ogio, Odyssey, and Callaway Gold Preowned sites that all operate under the same business network.
The breach notification letters also claimed that the infected impacted approximately 1.1 million people in the United States. Fortunately, the notice emphasised that the breach did not reach any critical details of the customers, such as payment card info, government-issued IDs, or SSNs during the attack.
However, the company urged users to reset their passwords since the attackers acquired credentials like passwords and security recovery questions. The company also instructed users to reset their passwords on the official website to regain access.
Furthermore, customers who use identical credentials for other websites or online services should also change them since the threat actors could attempt to log in to other websites using the stolen information.
Experts suggest that the affected customers should be vigilant of all incoming communications as the threat actors could execute other malicious campaigns using the stolen data, like targeted phishing attacks.
