A former executive for the St. Louis Cardinals baseball team, Christopher Correa, was sentenced Monday to 46 months in prison. In 2013, he successfully guessed a password to access an online database for confidential data held by another baseball team, the Houston Astros.
Correa pleaded guilty earlier this year to five counts under the Computer Fraud and Abuse Act, a notorious 1980s-era hacking statute.
“You have made it harder for them to live their lives,” US District Judge Lynn N. Hughes said during the court hearing, referred to the necessity of tighter security around all of Major League Baseball.
As the former director of baseball development, Correa was tasked with providing analytics to the team. The Cardinals, Astros, and many other teams use an online database called “Ground Control” to access and store large quantities of data about analytics of rival teams.
However, when another Cardinals employee left to work for the Astros, he had to turn over his laptop and the password to his Ground Control account to Correa. Using that, Correa then guessed a variation of this employee’s new account with the Astros, which enabled him to gain access to a vast trove of otherwise-unavailable material.
The Cardinals fired the 35-year-old Correa last summer when allegations of misconduct surfaced. The investigation began in 2014 after 10 months’ worth of Astros’ front office communications regarding trade talks and negotiations leaked online.
Both prosecutors and Correa’s attorneys “agreed that Correa masked his identity, his location and the type of device that he used, and that the total intended loss for all of the intrusions is approximately $1.7 million.”
In recent years, there have been a number of recent high-profile CFAA criminal prosecutions, including Matthew Keys, Chelsea Manning, and the late Aaron Swartz. An effort to reform that law has languished in Congress.