Golf gear brand Callaway reports data breach, 1 million persons impacted

Golf equipment manufacturer Callaway, operating under Topgolf Callaway Brands Corp., has reported a data breach affecting over 1 million individuals who used its e-commerce websites.

The breach, categorized as an "IT system incident," began on August 1 and impacted customers of various brand websites, including "Callaway, Odyssey, Ogio, and/or Callaway Golf Preowned sites."

Exposed information includes

• account passwords,
• security question responses,
• names,
• mailing addresses,
• email addresses,
• phone numbers,
• order histories.

The breach was discovered on August 16, and affected individuals started receiving notifications on the issue.

The specific nature and source of the incident have not been disclosed in the notification.

Other sensitive data such as payment card numbers or Social Security numbers remained unaffected by the breach. The data breach notification did not mention Topgolf's outdoor recreation centers.

In response to the incident, Topgolf Callaway initiated an investigation with external advisors and informed law enforcement. The company enforced a mandatory password reset for impacted customers and implemented additional security measures to safeguard its data, including enhanced security protocols and collaboration with external experts.