Golf can be an incredibly frustrating game to play.
The great Winston Churchill described golf as "a game whose aim is to hit a very small ball into an even smaller hole, with weapons singularly ill-designed for the purpose.”
Interestingly, cybersecurity professionals face the exact opposite problem. They must defend their golf course, country club, and other facilities from cyberattacks by ensuring even the smallest gap is covered, forcing an attacker to take extra strokes to gain entry or give up in frustration.
A situation in which every golfer can relate.
Unfortunately, not all golf courses have solidified their defense or installed enough sand traps to deter potential cyber adversaries. In fact, an alarming number of courses worldwide have recently been successfully attacked, including:
-
K Club (Ireland) - Ransomware attack by SafePay ransomware group, disrupting IT systems and leaking financial/internal data just before hosting the Irish Open.
-
California Golf Club (Cal Club) - Breached by the Qilin ransomware gang, exposing sensitive member data.
-
American Golf Corporation - Allegedly fell victim to a cyberattack from the Medusa ransomware group. The hackers allegedly exfiltrated 154.9 GB of data, including full access account credentials (User ID, Passwords, Secret Keys), reports, licenses, passports, and financial data.
Each of the examples above shows why golf and related facilities are prime targets: like all hospitality-related industries, they hold a treasure trove of data, any downtime can be extremely costly, and they cannot afford a hit to their reputation
The Triple Threat: Digital Attack Surface, Vulnerabilities, and Physical Risks
An unfortunate aspect of golf facilities moving further into the digital realm has meant a larger attack surface for threat actors to target. These range from online tee-time booking to mobile card payment systems to seasonal personnel turnover. All of these are easy access points for a veteran threat actor to exploit.
The LevelBlue SpiderLabs’ 2025 Risk Radar Report – Hospitality Sector details how this is taking place and contains a great deal of actionable information that is useful to the golf industry.
Attacking Digital Assets
As with all professionals, threat actors often share their tricks of the trade. This is generally accomplished on underground forums dedicated to collaboration and sharing how-to guides. This can include detailed tutorials on how to insert stolen credit card data into active bookings, bypass verification checks, and avoid detection.
Other threat actors use stolen credit cards to create cheap offers to both the unsuspecting and the suspecting alike. In the travel industry, this has manifested as using the stolen credit card data, compromised loyalty accounts, or hijacked admin access to travel and booking platforms. They can then turn around and “sell” trips to people on the dark web looking for a cheap, if illegal, travel option.
Vulnerabilities
The most up-to-date numbers from LevelBlue SpiderLabs show that, as of April 2025, 95,040 vulnerabilities were discovered, with 3,884 unique CVEs, across the hospitality sector. Among these, 14,318 were critical vulnerabilities, and 1,521 were vulnerabilities in the CISA KEV list.
This is a large number of exposed vulnerabilities, especially considering the number of exposed hosts. For instance, in 2025's Manufacturing Industry threat report, LevelBlue found 166,188 publicly exposed hosts compared to the 62,565 we found in hospitality.
Physical Compromises
Then there are non-digital threats that may not always be top of mind, such as physical security concerns. Unlike conventional office buildings, where employee access is typically controlled through access cards, hospitality establishments face cybersecurity risks due to the accessibility of hardware by guests. For instance, the server closet in a country club could be left unlocked and easily accessible, or a nearby device that is left unguarded by an employee.
Protecting Your Facility
These challenges can be addressed, but only if organizations evolve their cybersecurity posture from reactive to proactive.
- Inventory, Assess, and Patch: Create a regular ongoing inventory of your networks, including network addresses, OS, and OS versions, open ports, and installed applications.
- Strengthen Identity and Access Controls: Enforce MFA across all systems, especially for remote access (RDP, VPN, admin dashboards, and cloud platforms).
- Monitor and Control Remote Access Tools: Inventory and control the use of Remote Monitoring and Management (RMM) software (AnyDesk, Atera, ScreenConnect) and block unapproved tools by default.
- Secure Third-Party and Supply Chain Relationships: Conduct risk assessments on vendors and service providers, especially those with access to guest data or core infrastructure.
- Backups and Business Continuity: Maintain encrypted, offline, and immutable backups of critical systems (PMS, POS, HR, financial). Regularly test backup restoration procedures under simulated attack scenarios.
- Raise Internal Awareness and Training: Conduct cybersecurity training for all employees, tailored to roles, e.g., front desk, finance, marketing, and IT.
LevelBlue is Teed Up and Ready to Help
The PGA of America recognizes the threat posed to the golf industry and has taken the proactive step of inking a multi-year partnership with LevelBlue.
The deal has LevelBlue providing comprehensive cybersecurity services to the PGA of America, securing the Association’s digital infrastructure and flagship events.
Beyond securing the Association and its major championships, LevelBlue will provide golf courses, facilities, and the thousands of businesses driving the golf economy with access to specialized managed security and strategic services.
