According to the New York Times, Cardinals officials allegedly tried a series of passwords until they successfully accessed the Astros' network.
Recently unsealed documents indicate that a Chicago residence was searched in connection with the breach in October 2014.
Europol recently announced 49 arrests in connection with the fraud campaign.
The malware currently targets Oracle MICROS and other point-of-sale systems.
Approximately 4 million current and former federal employees may be affected.
The leaked data included names, birthdates, identification numbers and addresses.
A seven character password with special characters can be hacked in less than three minutes.
The company says malware was 'effectively deployed' on some of its point of sale systems between March 6 and April 17, 2015.
The leaked data includes user name, birthdates, email address, gender, location, relationship status and sexual orientation.