Baseball team pays a big price for hacking

By Cameron Abbott and Allison Wallace

You may not have followed this but the America’s Major League Baseball (MLB) St Louis Cardinals had an employee who accessed the Astros’ system around 60 times over two years, gaining access with a password similar to that used by a Cardinals colleague who left the club to work for the Astros in 2011.  (Also a little lesson there about password management one would think.)

Anyway Correa was last year fined nearly USD280,000, and sentenced to 46 months in Federal prison.  Enough said. 

Well perhaps not so, the wheels of justice of the MLB turn slowly, but turn they do.  In the end it’s the team that arguably has to pay a bigger price, with the MLB announcing last week that it has found the Cardinals vicariously liable for Correa’s conduct, fining the club USD2,000,000, and stripping it of its two top picks in this year’s amateur draft – to be given to the Astros.  Not often that you see cases where an employer is consider vicariously liable for the hacking efforts of an employee, but in this case they clearly enjoyed the benefit of those efforts even if unknowingly.

In a statement, MLB Commissioner Rob Manfred said that “a club suffers material harm when an employee of another club illegally accesses its confidential and propriety information, particularly intrusions of the nature and scope present here”.

The Astros welcomed the penalty, saying the “unprecedented award by the commissioner’s office sends a clear message of the severity of these actions”.

Copyright © 2024, K&L Gates LLP. All Rights Reserved.