Yanks’ season ticket holder account info leakedBy
Updated (8:41 p.m.): The Yankees’ ticket office accidentally leaked personal information from nearly 20,000 season ticket holder accounts, Deadspin and NYY Stadium Insider. The accidental leak, first reported by sjanowsky on the NYY Fans forum, is said to contact names, addresses, phone numbers and accounts numbers for non-premium season ticket holders.
Deadspin’s Barry Petchesky had more:
Precisely 21,466 season ticket plans are listed in the document, representing all of the “non-premium” seats that make up the vast majority of Yankee Stadium, excluding only the suites and the first few rows in the infield. So the high rollers and celebrities aren’t in here. Instead it’s regular folks like Mike Janos of Tarrytown, N.Y., who has seats 19 through 24 in row 18 of section 211, or small businesses like All American Laundry in the Bronx, which opted for the 15-game “Friday” plan.
The release of the spreadsheet can be traced to a simple mistake by a hapless Yankees season ticket rep, one wrong click revealing the team’s records to all of his contacts. Monday morning, an account executive sent an email to nearly 2,000 clients, a regular informational newsletter that they receive periodically. According to several fans who received the email, a file labeled “STL Homestand Newsletter (042511)” was attached that contained the information on all non-premium ticket holders — not just the rep’s own licensees.
Within minutes, he attempted to “recall” the message using a Microsoft Outlook command, but this only works if both parties use the same system. Thousands received the file.
We called multiple season ticket holders at random, based on their entries in the file. First we tried their work numbers, then their cell phones, and finally their email addresses. None had heard a single thing from the Yankees about their information being leaked. (The Yankees haven’t returned our call.)
Deadspin is currently “working on a way for fans to check if their information has been compromised,” but based upon reports on Twitter and NYY Fans, anyone with a non-premium ticket plan should just assume his or her account information was included on the spreadsheet. Petchesky notes that the security implications of this inadvertent leak are unclear. Because most people aren’t very creative with passwords, it’s probably likely that some accounts could be accessed, and season ticket holders should just their online account passwords to something more secure.
Outside of the security implications, the leak gives us a glimpse into the Yanks’ ticket sales volume. Ross at NYY Stadium Insider summarized:
- The Yankees’ total non-premium ticket licensee ticket revenue for far in 2011 is approximately $131,978,910 (plus or minus 1% accuracy due to possible discounting)
- There are 17,686 non-premium subscriber accounts
- There are 26,904 full season equivalents
- There are 21,468 ticket plans
- There are 59,498 ticket plan seats
- 2,179,237 total subscriber tickets sold
These numbers show a robust volume of sales but seem to fall short of claims by Yankee brass. Still, the club is obviously not hurting for ticket sales and fans. Whether those folks are showing up to the games is another question.
The team, meanwhile, issued a perfunctory statement. They confirmed that season ticket account ID numbers were released but said that the spreadsheet did not contain any birth dates, social security numbers, credit card numbers, or other financial info. “The Yankees deeply regret this incident and any inconvenience that it might cause,” the team said in the statement.
* * *
A few minutes ago, the Yankees sent an email out to their season ticket holders notifying them of the security breach. The email, sent without a subject line and posted in its entirety after the jump, claims that “remedial measures were undertaken so as to assure that a similar incident could not happen again.” The club has not urged its season ticket holders to change their account passwords but did reiterate the fact that no financial data was included in the leak. We’ll continue to follow this story as it develops.
The email from the Yanks:
Dear Yankees Season Ticket Licensee,
We are writing to inform you about an accidental electronic distribution of information that you have previously supplied to the New York Yankees.
Monday evening, April 25, 2011 an employee of the Yankees sent an e-mail to several hundred Yankees Season Ticket Licensees. The e-mail mistakenly attached an internal Yankees spreadsheet that listed the following information associated with your New York Yankees account:
- Your name, and the address, phone number(s), fax number, and e-mail address that you previously provided to the Yankees
- Your seat numbers, Yankees account number, Yankees account representative name, and the ticket package code associated with your account
NO OTHER INFORMATION WAS INCLUDED IN THE DOCUMENT THAT WAS ACCIDENTALLY ATTACHED TO THE APRIL 25TH E-MAIL. THE DOCUMENT DID NOT INCLUDE ANY BIRTH DATES, SOCIAL SECURITY NUMBERS, CREDIT CARD DATA, BANKING DATA, OR ANY OTHER PERSONAL OR FINANCIAL INFORMATION.
Please note, immediately upon learning of the accidental attachment of the internal spreadsheet, remedial measures were undertaken so as to assure that a similar incident could not happen again.
The Yankees deeply regret this incident, and any inconvenience that it might cause.