"In court filings, both men deny wrongdoing and say the activity was tied to union organizing efforts. Moussaron stated he used standard browser developer tools in order to access information available through systems tied to his login credentials, and that he did not bypass security controls. Krithivas has said the information was being gathered to support an effort to organize SkyWest pilots."


It's not going to go well for the pilots if they accessed info which company policy did not permit them to access.

It will probably come down to the detailed language in the company policy manual. Also the technical details of "how" they accessed it might matter.

Writing a script to harvest emails addys populated in the "TO" field on your outlook session might be OK, since the system serves those up to you.

Directly accessing the database is probably no bueno, that's not what your login credentials were provided for. Kind of like claiming it's not burglary because somebody left the door unlocked or loaned you a key. Access is only part of it, what you do once inside matters more.

Union organizing doesn't give you the right to get into company IT systems without their consent. It sure doesn't allow you to violate federal law related to wiretap/cyber, if that ends up coming into play.