Byte of Prevention Blog

by Jay Reeves |

Houston Astros Data Breach Was a Rookie Error

baseballSome cyber-crimes are committed by diabolical masterminds who use ingenious methods and sophisticated equipment to break into your system.

Other times, all they have to do is lift the mat to find the key you left there.

For an example of the latter, look no further than the cyber-scandal that rocked Major League Baseball.

It all started when a front-office executive departed the St. Louis Cardinals for a similar position with the Houston Astros. Before leaving, he turned in his laptop and password. Settling into his new gig, he made only a minor tweak to his old password.

As a result, his successor at the Cardinals had little trouble guessing it. Then over the course of a year, he used the purloined password to sneak into the Astros database and steal sensitive information on players, trades and salaries. Prosecutors valued the theft at approximately $1.7 million.

Eventually, he was caught. In a plea deal, he was sentenced to up to 46 months in prison and ordered to pay close to $280,000 in restitution.

No Runs, Hits or Errors

Although it’s been referred to as a hacking crime, the Astros breach was actually a dropped ball. This observer calls it the “least sophisticated cyber-security case ever.”

“Despite the many advances in cyber-security over the years, this case proves that human error is still an element in the protection of electronic information,” writes Professional Liability Matters. “Protecting this information is one of the most important roles of an executive, and failing to do so could not only cost the company millions of dollars, but also subject the executive to significant liability for carelessly choosing a password.  Let the Astros’ lesson be one you can learn from – obvious passwords simply won’t cut it when your company’s proprietary information is at stake.”

The Takeaway

Heed the advice you’ve heard so often. Keep your passwords secret. Make them long and complicated. Change them regularly. And by all means don’t use your birthday or your name.

If you’ve been using the same passwords for years, you’re opening yourself up to an Astros-type breach. And that could be a painful strikeout.

Sources:

 

About the Author

Jay Reeves

Jay Reeves practiced law in North Carolina and South Carolina. He was Legal Editor at Lawyers Weekly and Risk Manager at Lawyers Mutual. He is the author of The Most Powerful Attorney in the World, a collection of short stories from a law life well-lived, which as the seasons pass becomes less about law and liability and more about loss, love, longing, laughter and life's lasting luminescence.

Read More by Jay >

Related Posts