Data Loss Prevention (DLP) , Incident & Breach Response , Managed Detection & Response (MDR)

Cardinals Sack Employee After Hack

FBI Still Investigating Houston Astros Database Breach
Cardinals Sack Employee After Hack

The St. Louis Cardinals baseball franchise has fired one of its front-office staff following alleged hack attacks against the rival Houston Astros professional baseball team, and a related data breach (see FBI Investigates Baseball Hack Attack).

See Also: OnDemand | Zero Tolerance: Controlling The Landscape Where You'll Meet Your Adversaries

The Cardinals confirmed July 2 that they had fired Chris Correa, who was the team's scouting director - in charge of researching and recruiting new players - but declined to detail why.

Cardinals general manager John Mozeliak, who has denied having any knowledge of the alleged hack attack prior to being notified by the FBI, told the St. Louis Post Dispatch that Correa was fired on July 1. "I can confirm he was on administrative leave and subsequently was terminated," he said. "At this time it's still an ongoing investigation, and there's really nothing more that I can add at this point."

Astros attorney Jim Martin, tells Associated Press that no other employees have been fired to date, but that related investigations remain underway. "I can't give you an end-point," he said. "But our internal review is still ongoing."

The Houston office of the FBI, which is leading the related investigation, did not immediately respond to a related request for comment. But the existence of the investigation was first confirmed in June by The New York Times, which reported that the FBI's investigation centered on one or more breaches of the "Ground Control" database built by the Astros, as well as related memos, which detail private discussions about scouting reports, player trades and confidential statistics. The FBI reportedly served related subpoenas on both the Cardinals and the Major League Baseball organization, and seized some Cardinals computers in February.

Astros Data Dumped

In June 2014, 10 months of Astros' internal-trade chatter were leaked to anonymous text-sharing website Anonbin. That leak apparently alerted Astros officials to a potential breach, and sparked the FBI's investigation.

Correa, however, has rejected allegations that he stole or leaked any Astros data. "Mr. Correa denies any illegal conduct," Correa's lawyer, Nicholas Williams, said in a statement. "The relevant inquiry should be what information did former St. Louis Cardinals employees steal from the St. Louis Cardinals organization prior to joining the Houston Astros, and who in the Houston Astros organization authorized, consented to, or benefited from that roguish behavior?"

According to a single, unnamed source cited by the St. Louis Post Dispatch, however, Correa admitted to Cardinals officials that he had accessed the Astros database, but only to ascertain if the team had stolen proprietary Cardinals information, and denied stealing or leaking any Astros data. The source suggested that based on the number of times that the Astros database was reportedly accessed, the leak was the result of one or more hackers who were not Correa.

The existence of the database - and its URL - was apparently public knowledge, after the Ground Control website address was reportedly visible in a photograph that accompanied a March 2014 feature story in the Houston Chronicle. In that story, Astros general manger Jeff Luhnow and the team's "director of decision sciences" - former NASA employee and analytics expert Sig Mejdal - said Ground Control was modeled on the Cardinals' similar "Red Bird Dog" system. Luhnow joined the Astros from the Cardinals in 2011.

Password Hygiene

In an interview last month with Sports Illustrated, Luhnow denied suggestions that he had taken intellectual property from the Cardinals, or that the hack attack was facilitated by his failing to change his Cardinal-era passwords when he joined the Astros. "That's absolutely false," said Luhnow, who was a McKinsey consultant and later the founder and president of data analytics firm Archetype Solutions, and who has said that Ground Control was built "from scratch."

"I absolutely know about password hygiene and best practices," he said. "I'm certainly aware of how important passwords are, as well as of the importance of keeping them updated. A lot of my job in baseball, as it was in high tech, is to make sure that intellectual property is protected. I take that seriously and hold myself and those who work for me to a very high standard."

Astros attorney Giles Kibbe has also denied that any employee of the Houston team - or former Cardinals employee now working there - had taken any proprietary information from the Cardinals. "We stand by all of our previous comments," he told the St. Louis Post Dispatch. "We're looking forward to the conclusion of the FBI's investigation. I stand by all that Jeff has said on this matter."

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.