On January 9, 2016, the former scouting director of the St. Louis Cardinals pleaded guilty to five counts of unauthorized access to a private computer for using a former employee’s credentials to hack into a rival team’s scouting database, a case that exposes the data security threats facing all competitive sports franchises.
Christopher Correa, a longtime member of St. Louis’ front office, is charged with taking liberties with his former boss’ login credentials. That former boss, listed in the indictment as “Victim A” and largely believed to be current Houston Astros General Manager Jeff Luhnow, apparently used the same login credentials as he did when he was a member of the Cardinals’ front office. Correa used this information to hack into Houston’s scouting database several times around the MLB First-Year Player Draft last June. The government has subsequently valued the information Correa gained as a result of the hack at $1.7 million.
Correa had also accessed employee emails and 188 separate pages of confidential information by using “Victim A’s” credentials. Since “Victim A” had universal clearance within his organization’s databases, it gave Correa some useful information on who St. Louis was scouting. Correa has subsequently admitted his crime and was quoted as telling the presiding judge, Lynn Hughes, that it was a ‘stupid’ thing to do. Sentencing will commence on April 11, 2016.
Luhnow recognized the security problem and changed his credentials, which resulted in Correa hacking into the Astros’ email server and getting credentials of two more of the organization’s employees. Despite taking the GM job in Houston in 2011, Luhnow’s lack of password protection put his whole organization’s data infrastructure at risk. He made the following statement shortly after Correa’s plea:
I absolutely know about password hygiene and best practices. I’m certainly aware of how important passwords are, as well as the importance of keeping them updated. A lot of my job in baseball, as it was in high tech, is to make sure that intellectual property is protected. I take that seriously and hold myself and those who work for me to a very high standard.
Despite his comments, it took a rival hacking into his organization’s database for him to follow industry best practices and alter his login credentials. This situation presents a poignant example of how network security is an end-to-end initiative. It’s just as important for people to follow best practices of password management as it is to have integrated intrusion security and access control solutions for your network.
You don’t get three strikes to secure your network against malicious entities that may want to get in. To get more information about the best practices for comprehensive network security, or to speak with our certified technicians about remote monitoring and management or other comprehensive network security solutions, call us today at (603) 889-0800.