United States: Caught Stealing More Than Bases, St. Louis Cardinals Teach Trade Secret Safety To All Employers

The recent hacking attack against the Houston Astros is a wake-up call for all employers: no organization is safe from its adversaries' attempts to steal proprietary information to gain a leg up in the competition. The infiltration of the Houston Astros' network reportedly was carried out by employees of the Cardinals – an Astros' arch rival. The compromised database contained highly proprietary information, including scouting reports, player statistics, and internal trade strategy – considered the "crown jewels" for any major league baseball team. While the FBI and Justice Department investigations are still ongoing, it appears the perpetrators accessed the Astros' network using a "master password list" maintained by Astros' General Manager, Jeff Luhnow – who had used the same list when working in a prior role as an executive for the Cardinals. These events underscore for all companies the critical importance of safeguarding your proprietary information.

Here are a few basic steps with broad applicability that should help employers of all types:

• Limit access to confidential information to only those employees who need the information to perform their job duties.
• Implement written policies that clearly define what you deem to be confidential information, and then communicate clearly to all employees that they may not:
  
  
  • use that information for any purpose other than fulfilling their job responsibilities; or
  • disclose such information to any other person or entity (excepting the government), without the company's prior written permission.
• Consider having key employees sign non-compete/non-solicitation agreements that prevent them from leaving you to go work in a similar role for a competitor, or from contacting your customers or using any confidential information they obtained about you or your customers after they leave.
• Password protect all computers and computer systems, implement a written policy requiring that employees change their passwords frequently, and enforce that policy.

And finally – a lesson straight from the Astros/Cardinals incident – do not allow your employees to use the same passwords they used at prior employers. Competitor companies are likely to keep records of former employees' passwords, and would-be hackers are likely to try these passwords first if intent on breaking into your internal systems to take confidential information.

This article is presented for informational purposes only and is not intended to constitute legal advice.