Economic espionage and computer hacking can touch all industries and business types. Computer hacking is a federal crime, and federal prosecutors are aggressively targeting cases involving the unauthorized access of a protected computer. On January 8, 2016, this played out in a federal courtroom in Houston, where the former Scouting Director for the St. Louis Cardinals, Chris Correa, pled guilty to five counts of unlawfully accessing the computers and e-mails of Houston Astros employees. By hacking into the Astros’ systems, Correa gained access to a wide variety of confidential data, including scouting and draft information.

According to Correa’s plea agreement, he accessed Astros’ computers without authorization on five separate occasions between March 2013 and June 2014. The Astros maintained a computer network called Ground Control, which was a private database of player information and contained the team’s “collective baseball knowledge.” Correa accessed the e-mail and Ground Control accounts of one Astros employee, who left the Cardinals in 2011, by using a variation of a password the employee used while with the Cardinals. Correa later used information he obtained from that employee’s Astros e-mail account to access another former Cardinals and current Astros employee’s Ground Control account.

Correa pled guilty to taking scouting information in 2013, including a list of every player eligible for the 2013 draft and how the Astros ranked them, weekly scouting digests, the Astros’ draft strategy, and notes regarding trade discussions. In 2014, Correa viewed 118 pages of confidential trade discussion notes, upcoming draft rankings, the Astros’ draft strategy for 2014, and other player notes and evaluations.

This case is a reminder that cyber-facilitated corporate espionage touches all industries. Companies are well-served to evaluate their data security and privacy policies, procedures, and protocols on a regular basis.

Attorneys in Ballard Spahr’s White Collar Defense/Internal Investigations and Privacy and Data Security Groups have experience conducting cybersecurity risk assessments, designing risk management and compliance plans, advising and representing companies in response to cyber incidents, data breaches, and related litigation, and conducting cyber investigations.

Edward J. McAndrew recently joined the firm as a partner after serving as a Cybercrime Coordinator and National Security Cyber Specialist at the Department of Justice, prosecuting every major type of cybercrime, including those covered in this alert. Attorneys in Ballard Spahr's Sports Group handle litigation and provide counseling to professional teams and their owners and investors, stadium and arena operators, financing entities, amateur teams, university athletic departments, athletes, coaches, equipment manufacturers, and others.

For White Collar, Privacy, or Data Security inquiries, please contact Mr. McAndrew at 215.864.8841 or mcandrewe@ballardspahr.com, or Henry E. Hockeimer, Jr., at 215.864.8204 or hockeimerh@ballardspahr.com. For Sports Group-related inquiries, please contact Travis J. Leach at 602.798.5444 or leacht@ballardspahr.com or Edward D. Rogers at 215.864.8144 or rogerse@ballardspahr.com.


Copyright © 2016 by Ballard Spahr LLP.
www.ballardspahr.com
(No claim to original U.S. government material.)

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, including electronic, mechanical, photocopying, recording, or otherwise, without prior written permission of the author and publisher.

This alert is a periodic publication of Ballard Spahr LLP and is intended to notify recipients of new developments in the law. It should not be construed as legal advice or legal opinion on any specific facts or circumstances. The contents are intended for general informational purposes only, and you are urged to consult your own attorney concerning your situation and specific legal questions you have.