A Major League Data Breach: Houston Astros Strike Out!

It’s been a rough few years for the Houston Astros baseball team on the field, in last place half way through this season and losing an astounding 111 games last year. It seems they are having some off the field issues too, at least as far as data protection is concerned.

The team revealed this week that it was the victim of a data breach. About a month ago, someone hacked into their network and stole confidential information about trade talks with other teams. Details about the breach are scarce, but the compromise was apparently discovered when information about trade conversations was discovered posted at an online web site for anonymous posting. The site is popular with corporate and government whistle blowers.

Most data breaches are conducted for financial gain, primarily to steal personal data that can be used in financial fraud. This type of data does not match that pattern, although we don’t know for sure. The hackers could have been looking for data about employees and ticketholders and just happened to come upon this. The team says that some of the materials posted on line were altered and “embellished”, so the hackers may have simply wanted to embarrass the team.

The Astro’s General Manager made remarks in the Houston Chronicle that anyone responsible for corporate data should take to heart:

“It’s a reflection of the age we living in. People are always trying to steal information, get information, whether it’s legally or illegally, and in this case it was illegally obtained and it’s unfortunate.”

This also highlights the fact that there are risks beyond financial data. Other sensitive data and intellectual property is at risk if you do not properly secure your network and endpoints with endpoint management and mobile device management. Product plans and marketing strategies are just as important to keep secret as information about which players you are willing to give up in a trade!

IT Service Desk