Former St. Louis Cardinals employee could get 5 years in prison for hacking rival team’s database

The government charged Chris Correa under a controversially broad computer-hacking law.

A former St. Louis Cardinals employee has pled guilty to hacking a rival team’s player database.

The incident is believed to be the first time that someone employed by a professional American sports team has been convicted of violating the U.S.’s major hacking law, the Computer Fraud and Abuse Act (CFAA), while on the job.

The former employee, Chris Correa, was the Cardinals’ scouting director until the team fired him for the scandal in July.

As the Daily Dot noted at the time, it might be a stretch to consider Correa’s actions a “hack.” The Cardinals have a system for processing player data—not unlike the databases created by obsessive fantasy baseball players—called Redbird. When the Houston Astros, the Cardinals’ historical rival, hired away team vice president Jeff Luhnow as their new general manager in 2011, the Astros soon created a new, extremely similar system called Ground Control.

When Luhnow left the Cardinals, he returned the laptop that the Cardinals team had given him, including his password to log in. According to Correa’s guilty plea, because Luhnow chose a variation of that password for his Ground Control account, Correa could log into Ground Control and see how the Astros assessed players.

Correa eventually gained access to two other Astros employees’ accounts, giving him in-depth knowledge of the team’s trade discussions and evaluations of their minor leaguers.

While that’s not exactly a sophisticated cyberattack, Correa’s actions were more than enough to violate the controversially broad CFAA. Technically, “unauthorized access of a protected computer” is all it takes to violate the law.

Correa pleaded guilty to five counts and faces up to five years in prison. He now awaits sentencing.

Photo via Keith Allison/Flickr (CC BY SA 2.0)

Kevin Collier

Kevin Collier

A former senior politics reporter for the Daily Dot, Kevin Collier focuses on privacy, cybersecurity, and issues of importance to the open internet. Since leaving the Daily Dot in March 2016, he has served as a reporter for Vocativ and a cybersecurity correspondent for BuzzFeed.