Yankees hit a leak

The New York Yankees accidentally distributed a file containing information on more than 20,000 season ticket accounts. The spreadsheet contains account numbers, names, addresses, phone numbers, and email addresses, and was mistakenly sent to thousands of current clients.

The release of the spreadsheet can be traced to a simple mistake by a hapless Yankees season ticket rep, one wrong click revealing the team's records to all of his contacts. Monday morning, an account executive sent an email to nearly 2,000 clients, a regular informational newsletter that they receive
periodically. According to several fans who received the email, a file labeled "STL Homestand Newsletter (042511)" was attached that contained the information on all non-premium ticket holders — not just the rep's own licensees.

Within minutes, he attempted to "recall" the message using a Microsoft Outlook command, but this only works if both parties use the same system. Thousands received the file. (UPDATE: As of Wednesday evening, just as the Yankees first acknowledged the breach, that ticket rep was still at work for the team.)

It's unclear what one can do with the information contained in the file. There are no credit card numbers, but there are account ID numbers. And on Yankees.com, licensees need only their account ID number and password to access their accounts. With the spreadsheet, we have all the account IDs and can probably guess more than a few passwords via spouse's names, street names, and good old "abc123." At the very least, the list email addresses are valuable to spammers. Much like this month's Epsilon email breach, those listed in the Yankees' file could see an increase in spam and phishing attacks, and some licensees already report an increase in junk mail and unsolicited phone calls.

In an attempt to pin down just how many tickets the Yankees have sold for this year, he came up with:

2,179,237 total subscriber tickets sold
26,904 full season equivalents
17,686 separate subscriber accounts

He also gives a rough estimate for total non-premium season ticket revenue as $131,978,910.

UPDATE: The Yankees have responded with this email to all season ticket subscribers. The subject line was blank.

"We are writing to inform you about an accidental electronic distribution of information that you have previously supplied to the New York Yankees.
Monday evening, April 25, 2011, an employee of the Yankees sent an e-mail to several hundred Yankees Season Ticket Licensees. The e-mail mistakenly attached an internal Yankees spreadsheet that listed the following information associated with your New York Yankees account:
• Your name, and the address, phone number(s), fax number, and e-mail address that you previously provided to the Yankees.
• Your seat numbers, Yankees account number, Yankees account representative name, and the ticket package code associated with your account.
NO OTHER INFORMATION WAS INCLUDED IN THE DOCUMENT THAT WAS ACCIDENTALLY ATTATCHED TO THE APRIL 25TH E-MAIL. THE DOCUMENT DID NOT INCLUDE ANY BIRTH DATES, SOCIAL SECURITY NUMBERS, CREDIT CARD DATA, BANKING DATA OR ANY OTHER PERSONAL OR FINANCIAL INFORMATION.
Please note, immediately upon learning of the accidental attachment of the internal spreadsheet, remedial measures were undertaken so as to assure that a similar incident could not happen again.
The Yankees deeply regret this incident, and any inconvenience that it might cause.
Sincerely,
[Your Personal Ticket Rep]
Account Executive, Season Ticket Sales & Service
27-Time World Champions
New York Yankees
Yankee Stadium Ticket Office
One East 161st Street
Bronx, New York 10451"

 .