Scam of the day – February 1, 2017 – St. Louis Cardinals penalized for hacking

In July of 2014 I first reported to you about the hacking of the computers of the Houston Astros baseball team.   Chris Correa of the St. Louis Cardinals was convicted of hacking the private online data base of the Astros called Ground Control that contained tremendous amounts of confidential data including scouting reports and statistics on baseball players.  Correa is presently serving a 46 month prison sentence.  At the time he did the hacking, Correa was the Director of Baseball Development for the St. Louis Cardinals.   Correa was fired by the Cardinals when he first became a suspect in the hacking of the Astros.  A current Astros employee had worked previously for the Cardinals and Correa was able to easily guess the password used by him to access Ground Control by merely using variations of the password the Astro employee had used when he worked for the Cardinals.  Armed with this password, Correa stole data from Ground Control for use by the Cardinals.

Now Major League Baseball Commissioner Rob Manfred has acted in the matter, banning Correa from baseball for life and ordering the Cardinals to pay 2 million dollars to the Astros as well as forfeit to the Astros their two top picks in the June amateur draft.   In his ruling, Commissioner Manfred indicated that the hacking scheme was entirely the work of Correa.

TIPS

Perhaps the biggest lesson for all of us from this story is the danger of using the same password or slight variations thereof for all of your accounts, which unfortunately is a habit that many people have gotten into.  Hackers will often steal passwords of customers from companies when they commit a data breach and then use those passwords for identity theft purposes at other places such as banks, brokerage houses and other companies where the victim can suffer substantial financial losses.  The best course to follow is to have a difficult to crack password that is unique for every account.

Scam of the day – July 20, 2016 – Baseball executive sentenced for hacking

In July of 2014 I first reported to you about the hacking of the computers of the Houston Astros baseball team.   After a prolonged investigation, Christopher Correa of the St. Louis Cardinals pleaded guilty in January of 2016 to hacking the private online data base of the Astros called Ground Control that contained tremendous amounts of confidential data including scouting reports and statistics on baseball players.  At the time he did the hacking, Correa was the Director of Baseball Development for the St. Louis Cardinals.   Correa was fired by the Cardinals when he first became a suspect in the hacking of the Astros.  A current Astros employee had worked previously for the Cardinals and Correa was able to easily guess the password used by him to access Ground Control by merely using variations of the password the Astro employee had used when he worked for the Cardinals.  Armed with this password, Correa stole data from Ground Control for use by the Cardinals.  Correa has now been sentenced to 46 months in prison and ordered to pay restitution of $279,038.65.  Now that the criminal case against him is over, Major League Baseball is beginning its own investigation that could result in serious consequences for the Cardinals.

TIPS

Although this story reads like fiction, perhaps the biggest lesson for all of us from this story is the danger of using the same password or slight variations thereof for all of your accounts, which unfortunately is a habit that many people have gotten into.  Hackers will often steal passwords of customers from companies when they commit a data breach and then use those passwords for identity theft purposes at banks, brokerage houses and other companies where the victim can suffer substantial financial losses.  The best course to follow is to have a difficult to crack password that is unique for every account.

Scam of the day – January 11, 2016 – Former St. Louis Cardinals official pleads guilty to hacking the Houston Astros

In July of 2014 I first reported to you about the hacking of the computers of the Houston Astros baseball team.   Now, after a prolonged investigation, Christopher Correa has pleaded guilty to hacking the private online data base of the Astros called Ground Control that contained tremendous amounts of confidential data including scouting reports and statistics on baseball players.  At the time he did the hacking, Correa was the Director of Baseball Development for the St. Louis Cardinals.   Correa was fired by the Cardinals when he first became a suspect in the hacking of the Astros.  A current Astros employee had worked previously for the Cardinals and Correa was able to easily guess the password used by him to access Ground Control by merely using variations of the password the Astro employee had used when he worked for the Cardinals.  Armed with this password, Correa stole data from Ground Control for use by the Cardinals.  Correa will be sentenced on April 11th which, coincidentally is the day of the Cardinals’ home opener for the 2016 baseball season.

TIPS

Although this story reads like fiction, perhaps the biggest lesson for all of us from this story is the danger of using the same password or slight variations thereof for all of your accounts, which unfortunately is a habit that many people have gotten into.  Hackers will often steal passwords of customers from companies when they commit a data breach and then use those passwords for identity theft purposes at banks, brokerage houses and other companies where the victim can suffer substantial financial losses.  The best course to follow is to have a difficult to crack password that is unique for every account.

 

Scam of the day – June 18, 2015 – St. Louis Cardinals accused of hacking Houston Astros

Last July I reported to you about the hacking of major league baseball’s Houston Astros.  At that time it was not known who accomplished the hack of the Astro’s databases that contained discussions of player trades, complicated player statistics and scouting reports.  Now the FBI is indicating that the hacking was the work of employees of the St. Louis Cardinals.  Preliminary reports indicate that the motive may have been to set back the work of Astro’s General Manager, Jeff Luhnow, who previously had been an executive in the Cardinal’s organization where he was in charge of scouting and player development.  The hacking does not appear to be particularly sophisticated.  Apparently the Cardinals’ employees behind the hacking merely used the list of passwords that Luhnow and people working under him had used while employed by the Cardinals to gain access to the Astros’ databases.

TIPS

The biggest takeaway for all of us from this story is the danger of using the same passwords for all of your accounts, which unfortunately is a habit that many people have gotten into.  Hackers will often steal passwords of customers from companies when they commit a data breach and then use those passwords for identity theft purposes at banks, brokerage houses and other companies where the victim can suffer substantial financial losses.  The best course to follow is to have a difficult to crack password that is unique for every account.  This is easier than it sounds.  Start off with a phrase, such as IDon’tLikePasswords, which combines capital letters, small letters and a symbol.  Then add a couple of additional symbols at the end of the password so it may read, for example, IDon’tLikePasswords!!! and then you can customize it for each of your accounts.  For example, you could make this your Amazon password by making it IDon’tLikePasswords!!!Ama.  This password strategy provides great security and is easy to remember.

Scam of the day – July 19, 2014 – Houston Astros hacked

No company is safe from the danger of hacking including, as we recently learned Major League Baseball teams.  The Houston Astros were recently embarrassed to announce that their computers had been hacked by unknown hackers who released information about trade discussions involving the Astros and a number of other Major League Baseball teams including the Miami Marlins with which a trade for All-Star outfielder Giancarlo Stanton was discussed.  The hacking did not appear to be for any reason other than to expose and embarrass the management of the Astros, however that is of little consolation to employees of the Astros whose personal information can also be found in the Astros’ computers and which, if released could lead to identity theft.

TIPS

This is just another example that no entity including governmental agencies as well as private companies is safe from the danger of hacking.   A recent report by the State of New York indicated that in New York alone there were more than 900 data breaches that exposes personal and financial records of 7.3 million New Yorkers thus making them victims and potential victims of identity theft.  It is important to remember that you are only as safe as the place with the weakest security that holds your personal information so whenever possible do not provide your personal information, such as your Social Security number to everyone who asks for it.  Health care providers do not need your Social Security number although most request it.  Often the only reason that they want it is to make it easier to collect an unpaid bill from you.  The health care industry in general has done a poor job of protecting personal data from hackers.  The place to find a helping hand in protecting your data is at the end of your own arm.  Limit the places that have your personal information as best you can.  When companies request your Social Security number, offer them another identifier for example.  I recently did this with my eye doctor and the doctor agreed.  You may also want to place a credit freeze on your credit report so that even if your Social Security number and other personal information is stolen, the identity thief will not be able to access your credit report.  You can find information as to how to put a credit freeze on your credit report in the credit freeze section on the right hand side of this page.