Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

Yankees Spill Info of 20k Season Ticket Holders

An off-field error by a Yankees season ticket representative lead to a spreadsheet containing the personal information on more than 20,000 New York Yankees season ticket holders being sent out to several thousand Yankees season ticket licensees.

An off-field error by a Yankees season ticket representative lead to a spreadsheet containing the personal information on more than 20,000 New York Yankees season ticket holders being sent out to several thousand Yankees season ticket licensees.

Yankees Leak PersonalThe file contains information on season ticket accounts including, account numbers, names, addresses, phone numbers, and email addresses. As a result, Yankees’ fans may very well see an increase in spam and targeted phishing attacks, and possibly an increase in harassing emails from Boston Red Sox fans.

According to Barry Petchesky at DeadSpin.Com, the file listed 21,466 season ticket plans, which represented all of the “non-premium” seats.

According to Petchesky, “The release of the spreadsheet can be traced to a simple mistake by a hapless Yankees season ticket rep, one wrong click revealing the team’s records to all of his contacts. Monday morning, an account executive sent an email to nearly 2,000 clients, a regular informational newsletter that they receive periodically. According to several fans who received the email, a file labeled “STL Homestand Newsletter (042511)” was attached that contained the information on all non-premium ticket holders — not just the rep’s own licensees.”

The Yankees have acknowledged the incident and have notified its customers. In an email to clients last night, the Yankees wrote:

We are writing to inform you about an accidental electronic distribution of information that you have previously supplied to the New York Yankees.

Monday evening, April 25, 2011, an employee of the Yankees sent an e-mail to several hundred Yankees Season Ticket Licensees. The e-mail mistakenly attached an internal Yankees spreadsheet that listed the following information associated with your New York Yankees account:

• Your name, and the address, phone number(s), fax number, and e-mail address that you previously provided to the Yankees.

• Your seat numbers, Yankees account number, Yankees account representative name, and the ticket package code associated with your account.

Advertisement. Scroll to continue reading.

NO OTHER INFORMATION WAS INCLUDED IN THE DOCUMENT THAT WAS ACCIDENTALLY ATTATCHED TO THE APRIL 25TH E-MAIL. THE DOCUMENT DID NOT INCLUDE ANY BIRTH DATES, SOCIAL SECURITY NUMBERS, CREDIT CARD DATA, BANKING DATA OR ANY OTHER PERSONAL OR FINANCIAL INFORMATION.

Please note, immediately upon learning of the accidental attachment of the internal spreadsheet, remedial measures were undertaken so as to assure that a similar incident could not happen again.

The Yankees deeply regret this incident, and any inconvenience that it might cause.

Petchesky also pointed out that NYYFans.Com forum members are working through the spreadsheet and attempting to do some financial analysis. Apparently one user came up with the following stats, though these numbers are NOT verified: 2,179,237 total subscriber tickets sold
. 26,904 full season equivalents. 
17,686 separate subscriber accounts. The forum member also estimated ticket revenue of about $131,978,910 for total non-premium season tickets.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Government

The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...

Application Security

Open banking can be described as a perfect storm for cybersecurity. At one end, small startups with financial acumen but little or no security...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.