When it comes to stolen information, individual identification, health records and embarrassing emails make the headlines, while intellectual property doesn’t warrant the attention. Until today.
Not the Chinese or the Russians, not military code or federal security clearance, but the St. Louis Cardinals accused of hacking the Houston Astros to gain access to intellectual property – trade, proprietary statistics and player strategy information.
The sole purpose of this data breach was to gain access to trade and player information – the Houston Astros’ intellectual property (IP). I’m used to seeing stories about stolen IP in the news or security sections of media publications, but not in the sports section. This gives a whole new meaning to Inside Baseball.
The FBI is now investigating the incident which some think may be disgruntled employees taking revenge on the current Astros General Manager Jeff Luhnow. Officials believe the hacking was executed by vengeful front-office employees for the Cardinals hoping to wreak havoc on the work of Luhnow, who had been a successful and polarizing executive with the Cardinals until 2011. Luhnow was successful in transforming the Cardinals into a winning organization and is doing the same with the Astros.
The attack would be the first known case of corporate espionage where a professional sports team hacked the network of another team. Illegal intrusions into companies’ networks have become commonplace, but they are generally done by foreign hackers, who steal large amounts of data or trade secrets for military equipment and electronics. Now we have hackers going after our national pastime.
This is a perfect example of organizations that think their most precious information is safe because it’s not “mission critical.” This is not information on payroll, ticket sales, the contracts of players or stadium operations, but it clearly is sensitive and valuable information. Just think how valuable having scouting reports and player strategy is to Astros’ opponents.
Obviously all the perimeter and system focused security did not prevent hackers from accessing valuable information from the Astros. The Cardinals organization, if they are found culpable of these actions, were not trying to steal computers or bring down the Astros operations. They were after the data.
Every organization needs to rethink that what is important to them might be important to someone else. If information is valuable to you, odds are it is valuable to your competitors. You need to protect that information at the very core with data-centric security locking it down where it lives.
Photo credit Erin Borrini