When you leave one job for another, it's generally common practice to delete any sensitive documents you may have from the old company, and to avoid doing anything to burn any bridges. Of course, everyone goes about that differently.
Chris Correa used to work for the Houston Astros, then moved to the St. Louis Cardinals as a scouting director. While with the Cardinals, Correa hacked into the Astros' player-personnel database and email system. He pleaded guilty in January to five counts of unauthorized access of a protected computer from 2013 until 2014 (at the very least).
The Cardinals fired him last summer, but Correa's punishment wasn't done: he was sentenced to 46 months in prison, and a court ordered him to pay $279,038 in restitution. That's a hefty sentence as is, but it could have been even worse. Correa faced up to five years in prison on each count, which would have been 25 years maximum.
St. Louis can probably expect a fine or loss of draft picks as a result, but so far, nothing has been handed down by the league. Federal prosecutors estimate the hacking cost the Astros about $1.7 million, based on how Correa used the Astros' data to help draft players for the Cardinals.
Allegedly, Correa gained access using a password similar to that used by a Cardinals employee who turned over his Cardinals-owned laptop to Correa, along with the laptop's password, when that employee left St. Louis for Houston in 2011. In 2013, prosecutors said Correa downloaded a file of the Astros' scouting list of every eligible player for that year's draft, and that he viewed notes of trade discussions and a page that listed bonus details, statistics, notes on recent performances and injuries of potential draftees. The breach was reported in June of 2014.
The Astros, who up until the end of the 2013 season were NL Central rivals of the Cardinals, use a database called Ground Control to house proprietary information. They're one of the pioneers of the sabermetrics movement, relying on analytics in their scouting. Despite trying to ramp up security around the database after the Houston Chronicle ran a story on it, Correa was still able to access files. According to authorities, Correa hacked into the email system and viewed 118 pages of confidential information, including player evaluations, trade talks, and a 2014, partially completed team draft board.
At least two former Cardinals employees now work in Houston, including Astros General Manager Jeff Luhnow. Luhnow was heavily involved in the Cardinals own database, Redbird, but has denied using any information from Redbird or any other Cardinals intellectual property when creating Ground Control.
Correa read a letter in court before the sentencing, stating he was "overwhelmed with remorse and regret for my actions" and said the "whole episode was the worst thing I've done in my life by far."
As for the rest of the league, and especially the Astros, this is a great reminder to change their passwords every few months.