Golf Gear Giant Callaway Suffers Data Breach Exposing Information of 1.1 Million Customers

Topgolf Callaway (Callaway), one of the leading manufacturers and sellers of golf equipment and accessories, experienced a data breach at the beginning of August. This breach resulted in the exposure of sensitive personal and account information belonging to over one million customers.

Overview of Callaway

Callaway is an American company that specializes in producing and selling sports equipment, focusing primarily on golf gear such as clubs, balls, bags, gloves, and caps. With a presence in more than 70 countries worldwide, Callaway generates an annual revenue exceeding $1.2 billion and employs approximately 25,000 individuals.

The Data Breach Incident

In a letter sent to affected individuals on August 29, 2023, Callaway detailed an IT system incident that occurred on August 1st. This incident disrupted the availability of the company’s e-commerce services and exposed certain customer information to an unauthorized entity.

Callaway promptly detected the breach and took immediate action to contain it. The compromised customer data includes full names, shipping addresses, email addresses, phone numbers, order histories, account passwords, and answers to security questions.

Impacted Customers and Sub-Brands

The data breach affects customers of Callaway as well as its sub-brands: Odyssey, Ogio, and Callaway Gold Preowned. These brands all operate under the same business umbrella.

Extent of the Breach

The incident has impacted a total of 1,114,954 individuals in the United States. However, it is important to note that no payment card information, government IDs, or Social Security Numbers (SSNs) were exposed during the breach.

Protective Measures

Given that user account information, including passwords and security questions, were compromised, Callaway has enforced a mandatory password reset for all customer accounts to prevent unauthorized access.

To reset their passwords and regain access, users are automatically redirected to the “” page, where they can find detailed instructions.

Additionally, to minimize the risk of credential-stuffing attacks, it is strongly advised that customers who used the same login credentials for other websites or online services change their passwords. Using a combination of alphanumeric and symbol characters is highly recommended.

Remaining Vigilant

Customers should exercise caution when receiving communications requesting additional data and treat messages from unknown senders as potentially malicious.

Leave a Reply

Your email address will not be published. Required fields are marked *