Yanks' season ticket holder account info leaked

Updated (8:41 p.m.): The Yankees’ ticket office accidentally leaked personal information from nearly 20,000 season ticket holder accounts, Deadspin and NYY Stadium Insider. The accidental leak, first reported by sjanowsky on the NYY Fans forum, is said to contact names, addresses, phone numbers and accounts numbers for non-premium season ticket holders.

Deadspin’s Barry Petchesky had more:

Precisely 21,466 season ticket plans are listed in the document, representing all of the “non-premium” seats that make up the vast majority of Yankee Stadium, excluding only the suites and the first few rows in the infield. So the high rollers and celebrities aren’t in here. Instead it’s regular folks like Mike Janos of Tarrytown, N.Y., who has seats 19 through 24 in row 18 of section 211, or small businesses like All American Laundry in the Bronx, which opted for the 15-game “Friday” plan.

The release of the spreadsheet can be traced to a simple mistake by a hapless Yankees season ticket rep, one wrong click revealing the team’s records to all of his contacts. Monday morning, an account executive sent an email to nearly 2,000 clients, a regular informational newsletter that they receive periodically. According to several fans who received the email, a file labeled “STL Homestand Newsletter (042511)” was attached that contained the information on all non-premium ticket holders — not just the rep’s own licensees.

Within minutes, he attempted to “recall” the message using a Microsoft Outlook command, but this only works if both parties use the same system. Thousands received the file.

We called multiple season ticket holders at random, based on their entries in the file. First we tried their work numbers, then their cell phones, and finally their email addresses. None had heard a single thing from the Yankees about their information being leaked. (The Yankees haven’t returned our call.)

Deadspin is currently “working on a way for fans to check if their information has been compromised,” but based upon reports on Twitter and NYY Fans, anyone with a non-premium ticket plan should just assume his or her account information was included on the spreadsheet. Petchesky notes that the security implications of this inadvertent leak are unclear. Because most people aren’t very creative with passwords, it’s probably likely that some accounts could be accessed, and season ticket holders should just their online account passwords to something more secure.

Outside of the security implications, the leak gives us a glimpse into the Yanks’ ticket sales volume. Ross at NYY Stadium Insider summarized:

The Yankees’ total non-premium ticket licensee ticket revenue for far in 2011 is approximately $131,978,910 (plus or minus 1% accuracy due to possible discounting)
There are 17,686 non-premium subscriber accounts
There are 26,904 full season equivalents
There are 21,468 ticket plans
There are 59,498 ticket plan seats
2,179,237 total subscriber tickets sold

These numbers show a robust volume of sales but seem to fall short of claims by Yankee brass. Still, the club is obviously not hurting for ticket sales and fans. Whether those folks are showing up to the games is another question.

The team, meanwhile, issued a perfunctory statement. They confirmed that season ticket account ID numbers were released but said that the spreadsheet did not contain any birth dates, social security numbers, credit card numbers, or other financial info. “The Yankees deeply regret this incident and any inconvenience that it might cause,” the team said in the statement.

* * *

A few minutes ago, the Yankees sent an email out to their season ticket holders notifying them of the security breach. The email, sent without a subject line and posted in its entirety after the jump, claims that “remedial measures were undertaken so as to assure that a similar incident could not happen again.” The club has not urged its season ticket holders to change their account passwords but did reiterate the fact that no financial data was included in the leak. We’ll continue to follow this story as it develops.

The email from the Yanks:

Dear Yankees Season Ticket Licensee,

We are writing to inform you about an accidental electronic distribution of information that you have previously supplied to the New York Yankees.

Monday evening, April 25, 2011 an employee of the Yankees sent an e-mail to several hundred Yankees Season Ticket Licensees. The e-mail mistakenly attached an internal Yankees spreadsheet that listed the following information associated with your New York Yankees account:

Your name, and the address, phone number(s), fax number, and e-mail address that you previously provided to the Yankees

Your seat numbers, Yankees account number, Yankees account representative name, and the ticket package code associated with your account

NO OTHER INFORMATION WAS INCLUDED IN THE DOCUMENT THAT WAS ACCIDENTALLY ATTACHED TO THE APRIL 25TH E-MAIL. THE DOCUMENT DID NOT INCLUDE ANY BIRTH DATES, SOCIAL SECURITY NUMBERS, CREDIT CARD DATA, BANKING DATA, OR ANY OTHER PERSONAL OR FINANCIAL INFORMATION.

Please note, immediately upon learning of the accidental attachment of the internal spreadsheet, remedial measures were undertaken so as to assure that a similar incident could not happen again.

The Yankees deeply regret this incident, and any inconvenience that it might cause.

http://www.freewebs.com/yankeesfansunite/apps/blog/ Matt

not good at all. let the letterman jokes start.
Will

What I would be worried about is people calling claiming to be from the Yankees. With your seat number, account number, rep name, and ticket package code it would be very easy to pass as an actual rep. From there getting additional personal information could become a lot easier. The occasional absent-minded fan who forgot about this email might not think twice about giving out their personal email to someone because of this mistake.
- Slugger27
  
  because i work for a sports team and im confident the sales practices are nearly identical, i can vouch that a stunt like that would be easy with this information.
  
  sports sales reps use a system called “archtics” that they store all this information with. if you called a rep’s direct line claiming to be one of his STHs, had your archtics number (your account number) ready, and could verify with email and mailing address, there would be no chance they’d catch you.
Fred Phelps

Spam that list with the “Killer B’s” T-Shirt link!
brian g

as lame as it is that this happened, it’s even worse that so much attention is being drawn to it.
- http://www.secondavenuesagas.com Benjamin Kabak
  
  Why? People deserve to be aware of the fact that this data has been leaked so they can take the necessary precautions to make sure nothing bad comes of it.
  - Fred Phelps
    
    Exactly. Turns out I was a lucky winner! I have the full file in my possession. It’s quite the list. There are minor celebrities and NY personalities in there.
    
    Anyone want to call Steve from WasWatching at home?
    - Mike
      
      Yeah, I don’t know if you’re joking or not, but this is exactly why people, myself included, are upset.
      
      On a lighter note, maybe I can get a free hot dog and soda as restitution!
      - Fred Phelps
        
        No joke. If you tell me your street name I can confirm for you.
        
        It does look like every account holder in the non-pig seats are in there, including me.
Mike

Well I’m a ticket plan holder so this sucks a big one. Do any of the sites have the information? Did they post all the names anywhere?
- http://www.secondavenuesagas.com Benjamin Kabak
  
  Deadspin is in possession of the spreadsheet, but I don’t believe they’re going public with it yet. They’re trying to figure out a way to host it so that season ticket holders can determine whether or not they are on the list.
- http://www.riveraveblues.com Mike Axisa
  
  You can email Deadspin and they’ll tell you if you’re on it.
  - Fred Phelps
    
    Post your name here and I’ll tell you!
Fred Phelps

There is at least one Billionaire on the list.
- Fred Phelps
  
  Post here any ideas on how I can contact them with a great investment opportunity!
  
  T-Shirts.
  
  “Save the Killer B’s”.
  - http://buckynation@gmail.com Steve
    
    Fred, Can you please contact me at buckynation@gmail.com regarding this list. I have been working on website, and with your help, I think you could be of great help to me. Regards, Steve
Neil

What exactly is the ticket package code?
Kiko Jones

THE DOCUMENT DID NOT INCLUDE ANY BIRTH DATES, SOCIAL SECURITY NUMBERS, CREDIT CARD DATA, BANKING DATA, OR ANY OTHER PERSONAL OR FINANCIAL INFORMATION.

As a prior victim of identity theft, this leak is not the worst of news, considering it doesn’t include the above. Not to be non-chalant but the info that was disseminated doesn’t seem that hard to obtain for whomever may have been interested, or of a very sensitive nature, especially if it does not include birth/SS/financial data. Regardless, it sucks. But it’s not something a few minor precautions can’t take care of. As for the Yankees, someone’s losing their job over this.
http://facebook.com/andrewjcalagna Drew

The Playstation Network, my iphone tracking my every movement, and now the Yankees. Wow my information is all over the fucking place now huh? This has to be one huge hack or something.