What goes into the approval process?
May 9, 2017CardPointe with CardConnect
May 23, 2017You can’t help but notice the number of data breaches that occur. Yahoo, Target, the Federal government, Sony and many more have been hit with data breaches. There was one that may have gone unnoticed and it did not involve any financial information but yet can teach everyone a lesson.
Jeff Luhnow worked in the scouting department of the St. Louis Cardinals from 2003 to 2011. While there he was responsible for developing software to keep proprietary information on the Cardinals’ minor league players. He did his job well. The Cardinals are widely acknowledged as having one of the best farm systems in the game and won two World Series titles in 2006 and 2011. After the 2011 season Luhnow became the General Manager of the Houston Astros, a division rival at the time. The Astros were coming off of a disastrous 56-106 campaign, good enough to be the worst team in the majors. Luhnow had his work cut out for him.
Over the course of the next few years Luhnow helped to turn the Astros from the laughing stock of baseball into an up-and-coming contender, even achieving a playoff berth in the 2016 season. The future looks bright for Luhnow and Houston.
Not everyone in the Cardinals organization was happy for their former colleague. Chris Correa, the man who replaced Luhnow as head of the scouting department, believed that not only did Luhnow take the algorithms the Cardinals use to evaluate prospects but he also took the software that the Cardinals developed. If true it would provide not only valuable information to Houston but would also allow them to upgrade their systems at the Cardinals’ expense. This has been somewhat of an accepted practice in baseball as personnel changing teams is frequent. There was also no way to prove it or so the Cardinals believed. Correa thought that there was.
He was able to get the password from the laptop that Luhnow had turned in when he left the Cardinals and suspected that he did not change it when he moved. Correa was right and he was able to break into Luhnow’s account and he not only examined the software and their evaluation algorithms but he also looked at the Astros’ player evaluations and discussions. The Astros were only tipped off when their internal discussions about scouting reports, trade discussions etc. were posted on Deadspin in 2014. Federal prosecutors believe this breach cost the Astros about 1.7 million dollars since the Cardinals were able to target potential Astros’ draftees in the entry draft and were able to see who the Astros were targeting in trades.* It is believed Correa accessed the Astros’ system over 40 times.
You are probably saying this is baseball, who cares? It is just a game. On that count you are right but there are lessons to be learned. As a business owner you will have employees leave you and move on to bigger and better things. If those employees know the passwords to your system there may be very little stopping them from accessing your system after leaving. Who knows, if an employee is fired they might be out for a little bit of revenge. It is recommended that passwords be changed every 30 days. If you are not doing this with your business then you could be setting yourself up for a world of problems.
There is another angle to this as well. Luhnow it was believed may have taken the Cardinals’ intellectual property with him on his way out the door and there was no way for the Cardinals to confirm this. The programs that Luhnow and other scouting directors develop are multi-million dollar assets and vital to any organization. If Luhnow did take the Cardinals’ property this was not the way to go about finding out and it would be obvious that Luhnow did “steal” the Cardinals property as he had worked for 15 years in the organization and probably had an encyclopedic knowledge of the Cardinals minor leaguers. There is nothing St. Louis can do about that, nor is there anything that you can do about an employee leaving and taking the knowledge of your business to a potential competitor.
This has served as a wakeup call in baseball to better protect the data that they depend on. Access to data has been minimized by most teams since this happened. Scouts do not need to read other scouts’ reports so there is no need for them to have access to them now. There is also no reason for interns or a stadium usher to have access to all of the team’s information. That would be the same as giving your janitor or cleaning crew access to your sales records. Limiting access has now become the norm across baseball and should be the norm in the business world as well.
And what of Correa? He was fired by the Cardinals and charged with unauthorized access of a protected computer. He pled guilty in January 2016 and was sentenced to 46 months in prison and he was ordered to pay about $280,000 in restitution. He has also been banned from baseball for life joining the likes of “Shoeless” Joe Jackson and Pete Rose. The Cardinals also did not come out scot-free either. Baseball Commissioner Rob Manfred fined them 2 million dollars and forced them to forfeit 2 high draft picks in 2017 and gave them to the Astros.
*The Astros draft position was early in a potential round and the Cardinals would come at the end of the round as the Astros were rebuilding and the Cardinals were perennial contenders. This would allow the Cardinals to target let’s say the Astros’ 3rd round selection and select that player as their 2nd round pick.