A New York Yankees ticket rep apparently sent out an email blast that included a spreadsheet containing the names, addresses, phone numbers, and email addresses of 20,000 season ticket accounts, according to a report in DeadSpin.com, a sports website.
The file was mistakenly attached to a newsletter delivered periodically to 2,000 clients, according to reports.
The incident, including the Yankees’ response, prompted a fury of complaints on Twitter.
“Thanks a lot Yankees. You email my account info to a bunch of people, but your site is broken and won’t let me change my password. #FAIL,” tweeted @GatorLenny.
“How do the Yankees send out an email apologizing for leaking personal information without even including a subject line?” complained @AndrewLeighNYC.
The Yankees told ESPN.com: “No other information was included in the document that was accidentally attached to the Apr. 25 email. The document did not include any birth dates, social security numbers, credit card data, banking data or any other personal information.”
One season ticket to 81 games can fetch between $1,600 for a grand stand seat to more than $20,000 a year for a seat at field level. A list with names, email addresses, and other contact information for people who can afford those ticket prices could be considered a treasure trove some marketers and even more nefarious characters.
“The Yankees are the Yankees. This adds fuels to fire for everyone. It’s another reason for everyone else to hate Yankees. But it probably doesn’t change a whole lot [for fans],” said Simms Jenkins, CEO of marketing consultancy BrightWave Marketing based in Atlanta.
He pointed out that the case involving the Yankees is very different from the incidents involving email service provider Epsilon and video games brand PlayStation. In those cases, potentially malicious outsiders apparently sought out access to the information, rather than an accidental breach.
Still, Jenkins, who’s a Baltimore Orioles fan, said these incidents could erode the public’s confidence in businesses that collect email addresses and other customer information. And the exposures underscore why businesses should impose limits on access to customer information, including email addresses.
“A lot of people will say, ‘This is just an email address, not your credit card…you are not going to have your bank account drained,'” he said. On the other hand, others will contend: “My email address is who I am online.”
Last week, the Online Trust Alliance recommended that its members, which include interactive marketers and ad technology vendors, to treat email addresses like personally identifiable information and to take other measures to improve the security of customer information.
A Yankees spokesman did not respond to a request from ClickZ News for information about what measures the team was taking in response to the incident.