Cybersecurity Insight

No Entity is Safe: MLB Security Hack

17 Jun

The Houston Astros just recently came forward to report that one of their databases had been subject to a cyber attack last year. At the time of the attack, the Astros were unaware of who the culprit but this week they reported that the St. Louis Cardinals were involved.

The FBI uncovered evidence suggesting that a number of Cardinals’ employees penetrated into a Houston Astros database that housed scouting reports and statistics, current and former trade details, and various other stats. But why would the Cardinals, one of baseball’s most successful teams in the last decade, perpetrate a crime against a team that isn’t even in their division, much less the National League?

The answer to this question hasn’t been formally shared, but we know that the world of professional sports is extremely competitive. Teams will do almost anything to gain an edge. In the case of MLB, where big money and reputations are at stake, apparently this could mean resorting crimes against another team’s confidential data.

What if you could know about another team’s trade offer before anyone else? What if you could “butt in” on a trade that you wouldn’t have otherwise known about? How about getting you hands on another team’s prospects or draft plans? You could not only predict, but also concretely know what every team is planning to do at any given time.

The target of the alleged crime seems to be Jeff Luhnow, who worked in the Cardinals organization during a peak in their success from 2003-2011. Luhnow is renowned for his statistics based approach to scouting and team management, most notably shown in the movie “Moneyball.” Luhnow now works for the Houston Astros, and it has been suggested that Cardinal employees have held a grudge against Luhnow since he left them.

This is the first publicized case where a professional sports team has been the victim of a cyber crime. Now that it has finally happened, it may open the floodgates for other sports organizations to try and “secretly” hack other teams for information. No organization is safe from security breaches regardless of the motives.