April 29, 2011

Oh, somewhere in this favored land the sun is shining bright;
The band is playing somewhere, and somewhere hearts are light,
And somewhere men are laughing, and somewhere children shout;
But there is no joy in New York -- the mighty Yankees have struck out.

The Bronx Bombers own 27 World Series titles, have earned 40 American League Pennants, play baseball in The House Next To The Empty Lot That Was The House That Ruth Built, and are generally recognized as one of America's most-storied teams. A beacon of sporting greatness, surely the Yankees could protect home plate in terms of data security.

But for every play at the plate that goes the home team's way, every once in a while, the catcher simply can't keep his grip on the ball.

Now we know that, of exactly 21,466 of the Yankees' season ticket holders, 4,156 use Aol email, 3,367 use Gmail, 3,118 use Yahoo! and 1,611 are on Hotmail. They are alumni of Columbia, NYU, CUNY and an assortment of primarily East Coast schools (Deadspin).

And Yankees season ticket holders are the latest group to have some of their personal info leaked to the masses. Epsilon, Sony, New York Yankees. The leaks happen in different ways. This time a team employee accidentally attached a spreadsheet containing names, email addresses, home addresses and fax numbers (no social security numbers or credit card details) to an email sent out to a group of season ticket holders.

As with the Epsilon breach earlier in April, there is no direct threat to banks. Indirectly, the names and email addresses of those wealthy enough to spend their disposable income on season seats at new Yankee Stadium, could now be the target of spear phishers.

There's software available to mitigate the risk of sending classified data in an email to external recipients. One might bet the Yankees IT staff is doing research on that software now.

Somewhere Ted Williams is laughing.

ABOUT THE AUTHOR