Attorney Spyros Arsenis was recently quoted in World Sports Advocate's February 2017 issue discussing the St. Louis Cardinals being found vicariously liable for hacking. The full article can be accessed here and can be downloaded here.

Major League Baseball’s (‘MLB’) Commissioner, Robert D. Manfred Jr., ordered the St Louis Cardinals’ (‘Cardinals’) top two picks in the 2017 First-Year Player Draft and $2 million in compensation to be awarded to the Houston Astros (‘Astros’) on 30 January 2017 following an investigation into the hacking of Astros’ email system and scouting database by former Cardinals executive Chris Correa. Correa pleaded guilty in federal court to five counts of unauthorised access of a protected computer.

On 18 July 2016, following an FBI investigation, Correa was sentenced to 46 months in prison and ordered to pay the Astros $279,039 in restitution. Correa had accessed the Astros email system and analytical scouting database multiple times in 2013 and 2014. Following the completion of criminal proceedings, the Office of the Commissioner of Baseball instructed the MLB Department of Investigations to conduct an investigation into the matter. The findings of the review were submitted to Commissioner Manfred who recognised that although Correa’s conduct was not authorised by the Cardinals, the Cardinals must be held responsible for his conduct as a matter of MLB policy.

Spyros M. Arsenis, Of Counsel at Gerard Fox Law PC, believes that the Commissioner had to make a strong statement in this regard, as the Cardinals had benefitted from Correa’s illegal activity and received an unfair competitive advantage to the detriment of the Astros. “It’s also important to note that under Article II of the Major League Constitution, the Commissioner of the MLB has broad authority to act, in what’s known as, the ‘best interest of baseball,’” explained Arsenis, “with this in mind, it’s fairly clear to see that in today’s day and age where player evaluation is often based on proprietary sports analytics and algorithms, the deterrence of cyber theft and corporate espionage has taken on newfound prominence.”

Although Correa’s behaviour was found to be an isolated incident by a single individual, the wider implications may prove to be a call to action for all sports to ensure that they are doing enough to protect the data in their possession. “I’m sure they [the teams] have now implemented security awareness training for their staff and employees, have instituted password management systems, and have implemented ‘two-factor authentication’ to protect sensitive data,” comments Arsenis. “The importance of committing resources to cyber security should not be underestimated.”