Big League Data Breach

By slpowers on June 17, 2015 • ( 0 )

Scandals are certainly not new to the sports world, but one team hacking the network of another team? That’s a new one.

The St. Louis Cardinals baseball team hacked into the Houston Astros network and stole data on personnel, scouting records, and private team statistics.

The breach of the Astros network wasn’t the result of endless hours of sophisticated hacking techniques unleashed by a programming mastermind. All it took was an old password that a former Cardinals employee (current Astros GM Jeff Luhnow) continued to use when he went on to work at his new job with the Astros. And the hackers were so brazen as to perform this intrusion from their home computer, which didn’t exactly make it difficult for the FBI to track them down.

Building a proprietary database containing all essential baseball operations data when they worked for the Cardinals, and then simply migrating it over to the Astros and assigning a new name was not the most secure measure for Luhnow and his associates to take. But the bigger misstep is that they didn’t change their passwords, meaning that all anyone needed to access this very important data was Luhnow’s old list of passwords. And that list still conveniently belonged to the Cardinals.

Competitive corporate espionage is a very serious threat in any industry. And once again, an incident like this drives home some important points:

Hacking is not possible only by uber-techies, but also by amateurs.
Human error is often to blame for a data breach.
And most networks aren’t set up to detect and defend such an infiltration.

“I think the accounts of corporate espionage are unbelievably underreported. I think it’s one of the dirty little secrets about the business landscape right now,” said Mike Gavaghen, vice president of sales and marketing at SLPowers said in a recent CRN interview. “I think there’s a willful denial going on throughout the economy right now about the risks of cybersecurity, and the more we talk about it, the better it is.”

Gavaghen said he hopes the high-profile nature of the baseball breach will bring some much-needed public attention to the issue.

“Because it happened to a sports team, it will get a lot of attention,” Gavaghen said. “That’s a good thing. … This may hit the public consciousness with more significance because it involved baseball teams.”

To protect against this sort of attack, SLPowers’ Gavaghen said he recommends his clients implement a good log management system to fight back against this sort of corporate espionage attack. While intrusion prevention systems are good for known, external attacks, a log management system will help flag more gradual and targeted attacks.

Contact SLPowers today and speak with our security experts about putting a multi-layered security solution in place that will effectively protect your business’ critical competitive data.