More than 1 Million Callaway Customers at Risk From Security Vulnerability
Table of Contents
- Published: Sep 05, 2023
- Last Updated: Nov 23, 2023
Topgolf Callaway is a powerful golf company that offers modern golfing entertainment, as well as selling golf equipment in most areas of the world. The organization maintains online and in-person stores in many different countries and sells to millions of customers annually. With so much customer data exchanging hands through this company and its many retailers, everyone involved is at risk because of a recent security vulnerability.
How Did the Attack Occur?
According to Topgolf Callaway, an IT incident exposed many of the company's eCommerce customers. There are no details about what went wrong on the company's websites to release important customer data to potential attackers, but this breach impacted a significant number of customers. The Callaway data breach began on August 1, 2023, and it was noticed on August 16, 2023. When the issue was noted, the company quickly began an investigation, notifying customers, and forced a password change for all its website users. The company took a significant number of security actions to resolve any security risks. The company relied on outside advisors to help it improve its overall security and make its users safer.
What Information Was Viewed or Stolen?
During the breach, various store account details were available on the internet. Data such as account passwords, mailing and email addresses, first and last names, security question answers, and order histories were all available to attackers. The Topgolf Callaway data breach is suspected to have impacted about 1 million online customers who shop with the company and one of its online stores. The Callaway, Ogio, Odyssey, and Callaway Preowned sites were all impacted, and customers from each had data exposed to the outside world. Anyone on the list of potential victims of this breach could suffer from future attacks.
How Did Callaway Admit to the Breach?
The golf organization submitted an official statement to the Maine Attorney General's office. The organization also sent individual notices to any suspected customers impacted by this data breach. If you receive any type of notice from the company, your data is likely at risk, and you could risk losing detailed information to the internet.
What Will Become of the Stolen Information?
It's difficult to say what will become of this information for sure because we don't know if there was any targeted attack or if the data was simply made available through a vulnerability that was never exposed. Either way, enough data was exposed for hackers to use it for effective phishing attacks. There is also the risk for the account username, password, and security question answers to be inputted into other online services and used to unlock bank accounts, eWallet services, email accounts, and much more.
What Should Affected Parties Do in the Aftermath of the Breach?
If your information was involved in this Callaway breach, the best thing you can do is change the password on any of your accounts that utilized the same password as your Callaway account. It's best to use different passwords for each of your accounts. Doing so can be challenging to manage, but many people rely on password manager tools for this purpose. You should also avoid giving away information to anyone via email or text messages because hackers may be using your Callway data to try and capture more information from you.
