Secure your small business:
Apps → Data →

Golf gear giant Callaway data breach exposes info of 1.1 million

September, 2023
Quick definition  ⓘ
22Billion
Number of data records exposed by cybersecurity breaches in 2021.https://www.riskbasedsecurity.com/2022/02/04/data-breach-report-2021-year-end/

Key Points

    In August, Callaway, a prominent golf equipment and accessories manufacturer, found itself in the midst of a data breach affecting more than 1.1 million of its customers. The breach, stemming from an IT system incident on August 1, 2023, resulted in unauthorized access to customer data, including sensitive details like full names, shipping addresses, email addresses, phone numbers, order histories, account passwords, and answers to security questions.
© Photozek07 | Dreamstime.com

Quick Read

Golf equipment titan Callaway found itself grappling with a cybersecurity challenge in August as it suffered a data breach that exposed the personal and account information of over 1.1 million customers. Callaway, renowned for its golf equipment and accessories, including clubs, balls, bags, gloves, and caps, operates in more than 70 countries globally and boasts an annual revenue exceeding $1.2 billion, with a workforce of approximately 25,000 individuals.

The breach, linked to an IT system incident that unfolded on August 1, 2023, led to a temporary disruption in the availability of Callaway's e-commerce services and unauthorized access to customer data. The compromised information encompasses an array of personal details, such as full names, shipping addresses, email addresses, phone numbers, order histories, account passwords, and answers to security questions. Notably, this breach has repercussions not just for Callaway customers but also extends to patrons of its affiliated brands, which include Odyssey, Ogio, and Callaway Gold Preowned, all operating under the same corporate umbrella.

Despite the breach, it is important to highlight that no financial information, government identification, or Social Security Numbers (SSNs) were exposed in the incident. Nevertheless, Callaway promptly initiated a mandatory password reset for all customer accounts to bolster security. Customers seeking to regain access to their accounts are directed to the designated reset portal at "callawaygolf.com/reset-password," where they will find step-by-step instructions on how to proceed.

In the wake of this data breach, cybersecurity experts emphasize the critical importance of using distinct and robust passwords for various online services. If customers employ the same credentials across multiple websites or online platforms, it is highly recommended that they promptly change their passwords to a combination of alphanumeric characters and symbols. This proactive measure can significantly reduce the risk of falling victim to credential-stuffing attacks, a common method employed by cybercriminals to gain unauthorized access to accounts through reused credentials.

While Callaway moved swiftly to address the breach and secure its customers' accounts, this incident serves as a stark reminder of the pervasive threat of data breaches in our increasingly digital world. Heightened vigilance and proactive measures to safeguard personal information remain paramount in safeguarding against the potential ramifications of such breaches.

Further Reading

—Jess Hofmann

Need Data Breach solutions?
We can help!

Plurilock offers a full line of industry-leading cybersecurity, technology, and services solutions for business and government.

Talk to us today.

 

Thanks for reaching out! A Plurilock representative will contact you shortly.

What Plurilock Offers
SSO, CASB, and DLP with Real-Time Passive Authentication

More to Know

Quick Definition

A Data Breach is a situation in which information security has failed, enabling sensitive data of any kind to be accessed by unauthorized individuals despite whatever protections were in place. Data breaches have become a particular concern in recent years because such stolen data is often subsequently distributed widely, in particular on the dark web, where it is often aggregated and sold for illicit activity, identity theft, or further cyberattacks of various kinds.

Subscribe to the newsletter for Plurilock and cybersecurity news, articles, and updates.

You're on the list! Keep an eye out for news from Plurilock.