Golf equipment giant Callaway experienced a significant data breach at the beginning of August, impacting more than a million customers. The breach exposed sensitive personal and account information of these customers, including full names, shipping addresses, email addresses, phone numbers, order histories, account passwords, and answers to security questions.
Furthermore, Callaway, a prominent American sports equipment manufacturer with a presence in over 70 countries and an annual revenue exceeding $1.2 billion, quickly detected the breach and took immediate steps to contain it.
While the breach affected customers of Callaway and its sub-brands like Odyssey, Ogio, and Callaway Gold Preowned, it’s noted that no payment card information, government IDs, or Social Security Numbers (SSNs) were compromised.
At the same time, to safeguard affected accounts, Callaway enforced a mandatory password reset for all customers. Users are directed to the “callawaygolf.com/reset-password” page for instructions on resetting their passwords.
Customers who utilize the same credentials for other online services are strongly advised to change their passwords to enhance security and reduce the risk of credential-stuffing attacks.
Furthermore, Callaway issued a caution to its customers regarding communications requesting additional data and urged vigilance when dealing with messages from unknown sources. This breach underscores the ongoing need for robust cybersecurity measures, especially in industries that handle sensitive customer information.