Hacking scandal fallout a wake-up call for Cardinals, MLB

Executives throughout Major League Baseball have seen the discipline levied by commissioner Rob Manfred in the Houston Astros hacking scandal, and the consensus seems to be that the St. Louis Cardinals are lucky birds. The loss of the 56th and 75th picks in the June first-year player draft won't put a significant crimp in their talent pipeline, and the accompanying $2 million fine was more a symbolic gesture than a real bite in the wallet.

That said, it's hard to find many people in the baseball community who view the relatively benign resolution to the controversy as a future incentive to hack. There was enough damage done by the Chris Correa-perpetrated transgression -- and the episode was enough of a wake-up call for teams around the game -- to suggest a sequel is unlikely.

"I don't think anyone is saying, 'Oh, the picks weren't that high, and it was only $2 million, so let's go ahead and do it because the penalties aren't that bad,''' a National League executive said. "A guy is in jail, and he's banned from working in baseball ever again, and this was an embarrassment to the entire Cardinals organization. You can argue that they should have lost a first-round pick. Fine. I think plenty has been done to ensure this never happens again.''

If you're looking for a checklist of reasons successful hacks will be the exception rather than the norm in years to come, here are a few to ponder.

• Correa, the former Cardinals scouting director who unlawfully accessed Houston's computer system, is serving a 46-month prison term and has been placed on baseball's permanently ineligible list. If Pete Rose couldn't escape that ignominious state of limbo, the ship has definitely sailed on Correa's dream of working in a front office again.
• Cardinals CEO Bill DeWitt and general manager John Mozeliak issued a joint statement Monday in which they reiterated that the hacking was an act of an "isolated individual,'' and they've gone to great lengths to ensure nothing like it happens again. But even if the Cardinals weren't complicit in Correa's crime, they were at best oblivious to it. If you don't think either perception is humbling for a franchise with such a prideful tradition, you don't understand how much St. Louis' baseball team values its brand.
• In the unlikely event some club thought a future cyber attack was worth the risk, potential targets have ratcheted up their games since the FBI began its investigation into the hacking and the Cardinals announced Correa's firing in June 2015. Once the IT folks sprang into action, checked and re-checked the passwords and upgraded the firewalls, it naturally followed that clubs would be less vulnerable to attack.

"When this happened, our organization was like, 'Oh my. We really need to take aim to protect our system,''' a National League GM said. "I'm sure other teams have stepped up their security too. Do I think this could happen again? Yeah, I do. We're not talking about breaking into Chase Bank. We're talking about baseball teams looking for an advantage. But the Chris Correa punishment will probably stop teams in their tracks.''

The vigilance required by clubs reflects the value of the information they possess and the manner in which it is stored. Baseball teams are always looking to derive an edge in everything from statistical analysis to draft strategy to management of injuries. Why should their trade secrets be any less desirable to obtain in a $10 billion industry than the secrets that Fortune 500 companies try to access and protect in the world of corporate espionage?

"I don't think it's just baseball,'' an AL team official said. "It's the world we're in now. Supposedly our [presidential] election was affected by it. Organizations have tech and development, and part of that infrastructure revolves around security.''

While Manfred's investigation determined that Correa was a lone wolf, some organizations reserve their right to be skeptical that he was a "rogue'' employee whose excesses played out in a vacuum. As unsealed court documents showed, Correa's offenses were brazenly and shockingly beyond the bounds of propriety. He spent two-and-a-half years reading the emails of Astros employees and tapping into the Houston organization's "Ground Control'' database a total of 48 times.

It's impossible to quantify the damage Correa did to the Astros. But Houston management certainly had reason to feel violated, particularly when GM Jeff Luhnow had to go on an apology tour after details of his discussions with other clubs leaked on Deadspin. The Cardinals clearly derived a competitive advantage from Correa's exploits, regardless of how many people in the St. Louis organization knew how the information was obtained.

A year into his tenure as Bud Selig's successor, Manfred continues to receive an education in the art of wielding the hammer. In July, he stripped the Boston Red Sox of five free agents and forced the team to sit out the international free-agent signing period as punishment for circumventing signing bonus rules. In September, San Diego GM A.J. Preller incurred a 30-day suspension for failure to disclose medical information in a trade with the Red Sox.

Some people thought Preller got off lightly, but the buzz in baseball circles is that he's on the equivalent of double secret probation: He's already on shaky ground with some of his peers, and another significant offense could take him to the point of no return.

With Monday's decision in the Houston-St. Louis case, Manfred added to his budding legacy as baseball's new disciplinarian-in-chief. Chris Correa took the biggest hit, with the Cardinals a distant second. Regardless of the draft picks involved or the amount of the fine dispensed, the commissioner's office is hoping all 30 teams received the same message: Spying comes with a price.