Security Advisor
Corporate Espionage Hits Major League Baseball
The FBI is investigating whether St. Louis Cardinals officials breached a private database of the Houston Astros.
In a first-of-its-kind case, the FBI and the DOJ are investigating an alleged hack of the Houston Astros by fellow MLB club St. Louis Cardinals. Subpoenas for electronic communication from the MLB and Cardinals were served earlier this morning.
According to investigators, the Cardinals organization allegedly accessed an Astros server that contained a private database of player scouting reports, possible trades and other internal data. When the breach was first discovered, the FBI first believed that the compromise was pulled off by a rogue hacker with no affiliation to the MLB. However, government investigators discovered that the incident originated from a computer located in a home that had been used in the past by Cardinals officials.
The breached information first came to light last year when an anonymous source posted it online.
MLB released a short statement acknowledging the FBI investigation earlier today. "Major League Baseball has been aware of and has fully cooperated with the federal investigation into the illegal breach of the Astros' baseball operations database," read the statement.
In a New York Times report, the publication said that Cardinals officials used old passwords of Huston General Manager Jeff Luhnow when he worked for the Cardinals' scouting department from 2003 to 2011 to gain access to the Astros database. The Times suggests that during his tenure with the Cardinals, Luhnow had made some enemies in the organization that could have pulled off the breach as an act of revenge.
So far, neither the FBI or the MLB has named specific individuals inside the Cardinals organization who are under investigation. The team released a short statement Tuesday morning.
"The St. Louis Cardinals are aware of the investigation into the security breach of the Houston Astros' database," the team said in a statement. "The team has fully cooperated with the investigation and will continue to do so. Given that this is an ongoing federal investigation, it is not appropriate for us to comment further."
The Times also pointed out that while gaining access using stolen passwords has been used by cybercriminals for years now, this could be one of the first corporate espionage cases to use the tactic. More importantly, this case points to the importance of using different passwords across the Internet.