Byte of Prevention Blog

by Jay Reeves |

Houston Astros Data Breach Was a Rookie Error

baseballSome cyber-crimes are committed by diabolical masterminds who use ingenious methods and sophisticated equipment to break into your system.

Other times, all they have to do is lift the mat to find the key you left there.

For an example of the latter, look no further than the cyber-scandal that rocked Major League Baseball.

It all started when a front-office executive departed the St. Louis Cardinals for a similar position with the Houston Astros. Before leaving, he turned in his laptop and password. Settling into his new gig, he made only a minor tweak to his old password.

As a result, his successor at the Cardinals had little trouble guessing it. Then over the course of a year, he used the purloined password to sneak into the Astros database and steal sensitive information on players, trades and salaries. Prosecutors valued the theft at approximately $1.7 million.

Eventually, he was caught. In a plea deal, he was sentenced to up to 46 months in prison and ordered to pay close to $280,000 in restitution.

No Runs, Hits or Errors

Although it’s been referred to as a hacking crime, the Astros breach was actually a dropped ball. This observer calls it the “least sophisticated cyber-security case ever.”

“Despite the many advances in cyber-security over the years, this case proves that human error is still an element in the protection of electronic information,” writes Professional Liability Matters. “Protecting this information is one of the most important roles of an executive, and failing to do so could not only cost the company millions of dollars, but also subject the executive to significant liability for carelessly choosing a password.  Let the Astros’ lesson be one you can learn from – obvious passwords simply won’t cut it when your company’s proprietary information is at stake.”

The Takeaway

Heed the advice you’ve heard so often. Keep your passwords secret. Make them long and complicated. Change them regularly. And by all means don’t use your birthday or your name.

If you’ve been using the same passwords for years, you’re opening yourself up to an Astros-type breach. And that could be a painful strikeout.

Sources:

 

About the Author

Jay Reeves

jay.reeves@ymail.com | 919-619-2441

Jay Reeves practiced law in North Carolina and South Carolina. Over the course of his 35-year career he was a solo practitioner, corporate lawyer, legal editor, Legal Aid staff attorney and insurance risk manager. Today he helps lawyers and firms put more mojo in their practice through marketing, work-life balance and reclaiming passion for what they do. He is available for consultations, retreats and presentations.

Read More by Jay >

Subscribe to Our Blog

Related Posts