The Justice Department is investigating St. Louis Cardinals’ administrative officials for reportedly hacking into data servers belonging to the Houston Astros to gather personnel data for players, the New York Times reported Tuesday.
The Federal Bureau of Investigations found evidence Cardinals officials penetrated an Astros’ database in 2014 that contained internal communications regarding player trades, scouting reports, and team statistics. The breach was allegedly an act of revenge against Astros general manager Jeff Luhnow, a former Cardinals executive until 2011. Some information from the hack surfaced online last year, namely trade talks Luhnow had with other teams, according to a Deadspin report.
“Major League Baseball has been aware of and has fully cooperated with the federal investigation into the illegal breach of the Astros’ baseball operations database,” MLB said in a statement Tuesday. “Once the investigative process has been completed by federal law enforcement officials, we will evaluate the next steps and will make decisions promptly.”
The case is considered the first known instance of corporate espionage involving professional sports and it becomes even more shocking considering the profile of the team involved — the Cardinals currently have the best record in baseball and a long history as one of the most successful and supported teams.
Names of the employees involved in the hack haven’t been released, and no Cardinals officials involved have been fired or reprimanded through forced leave or employment suspension, according to the New York Times report.
The MLB investigation is the second high-profile corporate breach of 2014, preceded by the devastating Sony Pictures hack late last year. Unlike the Sony attack, which originated overseas and has yet to result in formal charges against the hackers, the Cardinals-Astros case could lead to legal action.
The FBI could charge Cardinals employees under investigation for violating the Computer Fraud and Abuse Act of 1986 — a broad federal law that allows the government to prosecute unauthorized computer access. CFAA has been used to convict hackers but was also used against Aaron Swartz, an internet activist who committed suicide after the Justice Department charged him with criminal hacking for downloading documents from a research database.
President Barack Obama announced plans to update the law earlier this year during the last State of the Union address. But tech advocates worry the White House’s proposed revisions could still be too broad, criminalizing any behavior done without expressed consent — like guessing your roommate’s password to her iPhone after asking to make a call.
For the Cardinals, however, the FBI will likely be able to build a strong case against the officials. As NBC’s Hardball Talk’s Craig Calcaterra wrote:
This may have been an impulsive or spiteful action, as opposed to some orchestrated espionage effort. It may have involved one person rather than five or 10 and may have been as simple as looking up old passwords rather than some sophisticated hackery. But, to the feds, it may be considered something highly felonious and may turn into something huge. Especially given that, unlike some CFAA cases, this one actually allegedly involved the fraudulent accessing of a computer network across state lines.
The Cardinals issued a statement Tuesday saying the team has cooperated with the FBI’s investigation and would not comment on the issue.