Chris Correa, the former scouting director for the St. Louis Cardinals, has plead guilty to hacking the emails and player database of the Houston Astros.
The former scout plead guilty to five of twelve federal charges against him, each of which carries a maximum possible sentence of five years in prison and a $250,000 fine. This was the first known case of a sports team hacking into another’s database to steal information.
Get The Latest MLB Tech News In Your Inbox!
The Astros have very detailed scouting reports and are not shy about that fact. They have been very open about their database called Ground Control, which houses this scouting information. It has been reported to have everything from statistics to contact information, all of which is protected by a password.
In 2013, Correa illegally downloaded a file of the Astros’ scouting report for every eligible player for that year’s draft, as well as viewing trade discussion notes and a page that had information like stats and notes on recent performances. Even after the database password was changed in 2014, Correa hacked into emails form Astros officials to get the new password. He then proceeded to view 118 pages of confidential information.
Interestingly enough, Correa had ties to the people he stole from. He worked under the Astros’ general manager, Jeff Luhnow, while they were both in St. Louis (Luhnow left to work with the Astros in 2011). The FBI said that Correa initially gained access by using a password similar to that of an employee who had to give Correa his Cardinals-owned laptop in 2011 when he left for a job with the Astros. While Luhnow was not named, it appears that he fits this profile.
According to U.S. Attorney Kenneth Magidson, who took in account how Correa used the information to draft players, the hacking cost the Astros around $1.7 million.
“I accept responsibility in this case,” Correa said in court. “I trespassed repeatedly.”
With more and more data, stats and overall information being gathered by teams nowadays, every organization needs to be wary that the databases they are compiling could be very valuable and targets for hacks.