Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Golf Gear Manufacturer. Show all posts

Golfing Community Shaken as Calloway Data Breach Hits One Million Fans

 


At the start of August, Topgolf Callaway (Callaway) was hacked by hackers, exposing the sensitive account and personal information of over 1 million customers to the dangers of identity theft. There are many manufacturers and retailers of various types of sports equipment in the US, however, Callaway is the leading brand of golf gear and accessories, including clubs, balls, bags, gloves, and hats.

Amounted to approximately $1.2 billion in revenue in the past year, the company has a presence in more than 70 countries globally. A total of roughly 25,000 people are employed at this company. In the company's product line, there is a variety of golf gear that is made by Callaway. 

Over 1 million people were affected by a data breach reported by the company. As part of an "IT system incident" that began on August 1 and involved some users of Topgolf Callaway Brands Corp.'s e-commerce websites, Topgolf Callaway Brands Corp. has been alerting customers that certain users' information had been exposed. 

A notification email was sent by the company to the victims last week, explaining what had happened and what steps were being taken by the company to address the issue. According to the email, there was an intrusion by an unknown malicious external party into the company's e-commerce system on August 1, impacting the availability of some of the company's e-commerce services as a result. 

The cyber intrusion occurred on an unknown date in the past. A security breach has affected users of several Callaway Golf sites, including Callaway Golf Preowned, Odyssey, Ogio, and Odyssey. As a result of the attack, sensitive user data, such as full names, shipping addresses, e-mail addresses, phone numbers, order history, account passwords, and security questions, were stolen by the attackers. 

As per the notice, no sensitive information such as payment information, ID information, or Social Security Numbers (SSNs) were collected. Upon investigation into this matter, it has been found that data about users of the website, including their names, mailing addresses, email addresses, phone numbers, order history, passwords for their accounts, and answers to their security questions are impacted. 

A police report has been filed and the police have been notified immediately. Approximately 1,114,954 pieces of private information were exposed in total during the data breach. Because the attackers stole passwords and answered security questions, 

A public notice about the breach was made on August 29th by the Maine Attorney General's office. Maine has strict rules concerning cyberattacks that compromise the privacy of any of its residents, of whom 2,219 were affected by the hack. 

There have been no breaches of payment card and government identification numbers, such as Social Security numbers, that have affected credit and debit cards. A company representative confirmed that the company does not store any of this information. 

There was a lot of time when the security questions had to be disabled, and the passwords had to be reset by force almost a month later. Callaway reset everyone's log-in credentials and compelled everyone to change their password at the next login time until a new password could be created. The Maine Division of Environmental Protection notified all residents affected by this action by email on the same day that this action was completed. 

Upon resetting their passwords, customers will be able to access their accounts once they have regained access to them. There is a strong recommendation that users should also change the passwords on other websites where they use the same login information. 

Topgolf Callaway has set up a special toll-free incident response line, which is available to answer any questions or concerns that individuals may have. Detailed instructions can be found on the company's website, as well as a dedicated, toll-free incident response line. 

Although it is unclear whether the incident is a ransomware attack, as many of the company's e-commerce services have been affected by the incident, it is a strong possibility that it is indeed a ransomware attack. 

The attack, if it was indeed a ransomware attack, has so far not been claimed by any ransomware groups, nor has it been attempted to be sold through the dark web. It is unlikely, however, that this information won't surface somewhere on the dark web someday. 

There is a possibility that the data collected could be used for identity theft and phishing attacks. However, the company is taking measures to protect its customers' data through proactive measures. To regain access to the system, users are automatically directed to the “callawaygolf.com/reset-password” page where they can find instructions on how to proceed with resetting their password. 

Following the data theft, the company worked fast to reset passwords for all users who had their passwords stolen. The use of the same passwords for other websites or online services should be avoided if you are already consistently using the same password for multiple websites or online services. 

Passwords should be made up of alphanumeric and symbol characters only. Credential-stuffed attacks can be minimized by adopting this precautionary measure. Callaway customers need to stay cautious when communicating with unknown senders regarding the possibility of sharing additional data, and they should treat them as potentially malicious messages.