NY Yankees staffer accidentally e-mails customer list

Data on nearly 18,000 season ticket holders is e-mailed in a customer newsletter

By , IDG News Service |  Security, data breach

A customer service representative with the New York Yankees accidentally e-mailed out personal details on close to 18,000 season ticket holders, the baseball team said Thursday.

According to a Yankees fan who received the spreadsheet, it was accidentally attached to a "Season Ticket Licensee Homestand Newsletter" sent Monday evening by a customer service representative.

The e-mail went out to several hundred season ticket holders, and contained names, addresses, phone numbers, fax numbers and e-mail addresses, along with the fans' seat numbers and Yankees account numbers.

The list contained data belonging to 17,687 non-premium season ticket holders, according to recipients, who posted details of the incident on a Yankees discussion forum. Because some ticket holders have several blocks of tickets, the total number of entries in the spreadsheet was even higher: 21,467.

The message was recalled by the sales representative within minutes, one recipient said. But by then it was too late.

The spreadsheet didn't have sensitive data such as Social Security numbers or credit card data, the Yankees said Wednesday in a press release, adding, "immediately upon learning of the accidental attachment of the internal spreadsheet, remedial measures were undertaken so as to assure that a similar incident could not happen again."

On its own, the type of information is not considered to be particularly sensitive. But security experts worry that big e-mail lists like this could be used as a stepping stone by phishers to create targeted attacks that then trick victims into disclosing more valuable information or installing malicious software.

Hackers have repeatedly gone after this information in the past. In recent weeks both Epsilon and software vendor Ashampoo acknowledged that they'd been hacked and e-mail addresses and customer names were stolen. In Ashampoo's case, the company's customers were then sent fake order confirmation e-mails that looked like they came from PurelyGadgets, a U.K.-based online retailer. These files contained maliciously encoded pdf documents that could install malicious software on the victim's computer if opened, according to Ashampoo.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness