eDiscovery Daily Blog
Even in Baseball, Hacking Can Get You Prison Time: eDiscovery Trends
Last June, we covered this story about the St. Louis Cardinals, one of the most successful teams in baseball over the past two decades, as under investigation by the F.B.I. and Justice Department prosecutors, accused of hacking into an internal network of my hometown team, the Houston Astros, to steal internal discussions about trades, proprietary statistics and scouting reports, among other competitive information. As a result of the investigation, the former scouting director of the Cardinals, Christopher Correa (not to be confused with Astros star shortstop Carlos Correa), was sentenced to nearly four years in prison Monday for hacking the Astros’ player-personnel database and email system.
Correa had pled guilty in January to five counts of unauthorized access of a protected computer from 2013 to at least 2014, the same year he was promoted to director of baseball development in St. Louis. He was fired last summer and now faces 46 months behind bars and a court order to pay $279,038 in restitution.
The data breach was reported in June 2014 when Astros general manager Jeff Luhnow told reporters the team had been the victim of hackers who accessed servers and proceeded to publish online months of internal trade talks. Luhnow had previously worked for the Cardinals. The FBI said Correa was able to gain access using a password similar to that used by a Cardinals employee who “had to turn over his Cardinals-owned laptop to Correa along with the laptop’s password” when he was leaving for a job with the Astros in 2011. The employee was not identified, though Luhnow left St. Louis for Houston in December of that year to become general manager of the Astros.
So, not only can accessing your former company’s data with a shared password make you a hacker, using a variation of a departed employee’s old password to access data at his new employer can also make you a hacker. You could even face jail time for deleting employer files before leaving your job. A few more decisions like this might actually cut down on cybersecurity breaches within organizations. Then again, it might not.
So, what do you think? Do you expect to see more breaches like this between competitors in various industries? Please share any comments you might have or if you’d like to know more about a particular topic.
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.