Just a quick post to follow up on the item I wrote back in June about the hack into the Houston Astros’ Ground Control database by someone within the St. Louis Cardinals’ front office.
We now know the culprit was Chris Correa, a former Cardinals scouting director who recently pled guilty to five counts of accessing Astros computers without authorization from 2013-14. Correa was able to get into the Astros’ database because he had the password of a former Cardinals employee who had joined the Astros.
Correa may spend time in jail, and MLB Commissioner Rob Manfred may decide to fine or otherwise punish the Cardinals. It’s also possible the Astros will file a grievance and/or a civil suit against the Cardinals.
But, as I told The Houston Chronicle’s Evan Drellich (in a story published Jan. 16), the Astros might have a hard time proving their losses in civil court, partly because it could be argued that the Astros didn’t take sufficient steps to protect their proprietary information.
‘I’m a little surprised they didn’t exercise better password hygiene,’ Ahmad said. ‘If I’m on the defense … I point out that, you know what, all of this could have been avoided if the guy could’ve just changed his password.
‘Part of people are going “this is sports, how important and how confidential is this really?” And I think you combine it with the notion of, come on, change your password and nothing happens.’
Nobody is immune from being hacked, so individuals and companies need to treat their trade secrets like secrets and ensure that everybody with access to them varies not only their passwords but also their password naming conventions. If the only thing you change in your password is the month, it doesn’t take a criminal mastermind to figure it out.
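For readers who administer systems, here is one way to catch the "only the month changed" habit when a password is changed. This is an added example, not code from the Astros, the Cardinals or the Chronicle story; the function names, the 0.8 threshold and the sample passwords are constructed for illustration, and it assumes the check runs at change time, when the user types both the current and the new password.

```python
import re
from difflib import SequenceMatcher

# Month names and abbreviations, longest first so "september" is matched before "sep".
_MONTHS = sorted(
    ("january february march april may june july august september october "
     "november december jan feb mar apr jun jul aug sept sep oct nov dec").split(),
    key=len, reverse=True)
_MONTH_RE = re.compile("|".join(_MONTHS))


def skeleton(password):
    """Reduce a password to its naming convention: lowercase it, then drop
    month names, digits and punctuation. Heuristic: a month abbreviation
    inside another word (the "mar" in "mariner") is dropped too, which
    errs on the side of rejecting."""
    lowered = _MONTH_RE.sub("", password.lower())
    return re.sub(r"[^a-z]", "", lowered)


def is_pattern_rotation(current, new, threshold=0.8):
    """Return True when the new password keeps the current one's convention
    and only changes the date, counter or decoration around it."""
    a, b = skeleton(current), skeleton(new)
    if not a or not b:
        # Nothing left but dates and symbols: compare the raw strings instead.
        a, b = current.lower(), new.lower()
    return SequenceMatcher(None, a, b).ratio() >= threshold


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the case.
    current = "Fastball-Jan2014"
    for candidate in ("Fastball-Feb2014", "fastball!March15",
                      "Fastballs-Feb2014", "correct horse battery staple"):
        verdict = "reject" if is_pattern_rotation(current, candidate) else "accept"
        print(f"{candidate!r}: {verdict}")
```

Because the comparison uses passwords the user has just typed, nothing has to be stored in readable form to run it.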
The only reason we know about the Astros hack is because some of the team’s confidential information was published in the media, tipping off the Astros to the fact that something was amiss. If that hadn’t happened, Correa might never have been caught.
Think about that: most hackers go undetected. So don’t make their lives any easier.