35-year-old former Cardinal Baseball Director Chris Correa pleaded guilty to unauthorized access to protected information in a hack event that was committed during his former employment with the St. Louis Cardinals. He says that for at least a year (“from March 2013 through at least March 2014,” says NPR), he hacked into the Houston Astros database (called Ground Control), where the team kept trade discussions, draft rankings, and scouting and injury reports. In one specific instance, Correa was able to hack into a specific Cardinal account because a former employee had gone to the Astros and was formerly employed with the Cardinals. Correa had access to the former employee’s computer because of company procedure, and used that to hack into Ground Control.
Federal investigators started to suspect a connection between the Cardinals and the Astros this summer when detecting the hack event. At the time, they tied the hack to former Cardinals/then-Astro-turned employee Jeff Luhnow.
Correa’s hacking charges are rather unfortunate, considering that he formerly worked in the sports league. People often hear about data breaches that concern remote hackers who cover their tracks, but this occurred by way of a former employee who accessed files from another team. We don’t know the motive, but a hack event such as this shows that Correa had some experience as a hacker.
Correa could receive up to 25 years in prison and a $250,000 fine when convicted and sentenced by the DOJ.