Kyle Devitte

Monday August 28th, 2017

In what is being called a “data incident” by Major League Lacrosse, personal details of every player in the MLL player pool — even inactive individuals — were briefly exposed via a publicly accessible link to an excel spreadsheet. That spreadsheet contained the “full name, address, telephone number, email address, Social Security number, citizenship, date of birth, height, weight, position, college, graduation year, team, and non-MLL occupation” of every individual currently registered with the Major League Lacrosse player pool. The public link to the spreadsheet was discovered by internal MLL personnel and disabled, but the far reaching impact of this breach is as yet unknown.

Players were notified via email that their information was compromised and they were advised to “Establish free 90-day fraud alerts with the three credit reporting bureaus” and “consider placing a credit freeze on accounts which will make it more difficult for someone to open an account.”

In addition, the compromised individuals were given information on how to file a complaint with the FTC if they become the victim of identity theft.

The league has yet to release an official statement on the breach. New York Lizard defender and MLL Players' Council member Ryan Flanagan provided this statement to IL.

"This is unacceptable and inexcusable. The spreadsheet that was shared publicly with player information has been shared privately on more than one occasion. Players have previously requested that the file not be shared with anyone and that any files with player information be encrypted and password protected. This request was clearly ignored. On top of that, the issue of player information being shared publicly was brought to the attention of the league on Aug. 23. The league did not send a note to those impacted until Aug. 28. The individuals that were aware of the information breach went home for the weekend without making the players aware that their personal information was shared publicly. This is unacceptable."

"We greatly appreciate Commissioner Gross offering prepaid credit monitoring to those impacted. However, the players of Major League Lacrosse have continued to create an outstanding on-field product for fans and deserve better treatment off-the-field in a variety of areas, including the protection of our personal information."

Current and former players have shared their displeasure on Twitter.

Got the same email. Wasn't just email addresses and birth dates, lots of personal info not a great day for former players of @MLL_Lacrosse https://t.co/cBkaeuvyZq — Liam Banks (@LB3Liam) August 28, 2017

I am 44 years old and still in the player pool? Why??? So now the old guy gets effected too. Who is the genius that messed up? — Ric Beardsley ® (@UncleRickyBeast) August 28, 2017

You couldnt sell a comedy script written based on the blunders of @MLL_Lacrosse this season. A Movie company would say its too unbelievable. — Jerry Ragonese (@FlowGo37) August 28, 2017

So I guess it's not a fake email...great! — Ryan Benesch (@beniboi21) August 28, 2017

Updated on Aug. 29 at 6 p.m.

UPDATE: Major League Lacrosse has released the following statement through Lax Sports Network:

"The players are the ones impacted. Major League Lacrosse will communicate directly to the players to make sure they are receiving the most accurate information. Player social security numbers only exist in a secure location. We are judiciously working on a contract with a reputable company to set up long-term credit protection solution for all impacted players. The immediate step outside of long-term protection solution, is that all social security numbers have been removed from spreadsheets and other documentation."

Note: Inside Lacrosse reached out to league personnel for a statement Monday night, but has not received one, only what the league put out through Lax Sports Network.