Business Litigation Alert: "Business Lessons from the Database Hack of the Houston Astros"
Christopher Correa, a former scout for the St. Louis Cardinals, was recently sentenced to almost four years in prison for hacking the Houston Astros player-personnel database. While it seems far-fetched that hacking would make its way into major league sports, this case is proof that a cyber breach can happen in any industry, and it highlights the importance of putting protections in place to avoid the costly repercussions of a data breach.
Reports state that Correa was able to gain access to the Astros' system by utilizing a password similar to one used by a former Cardinals employee who left for a job with the Astros in 2011. The former employee turned his laptop in when he left the Cardinals, and then used either the same or a similar password when he moved to the Astros, making it relatively easy for Correa to access their system.
While this seems like a situation where truth is stranger than fiction, it also serves as an important reminder of the few simple steps that companies should take to avoid finding themselves in the same position as the Astros:
- Secure Passwords: Any employee with access to a company's data should have a secure password. This is often stressed for our bank accounts or our emails; however, it should be stressed for work accounts as well.
- Rotating Passwords: All employees should also change their passwords on a regular basis. This can be built into systems so that employees are forced to change their passwords every few months, and it is just one more level of protection.
- No Duplicate Passwords: Employees should not use the same password for work purposes as they do for personal accounts. We tend to use the same password for all our accounts so we will remember it, but work and personal passwords should never be the same.
These might seem obvious precautions to take, but they are often protections that are overlooked or forgotten. Employee passwords can be an important level of protection in the battle to stave off hackers and avoid costly ramifications.