The International Association of Athletics Federations (IAAF) has expressed concerns that the therapeutic use exemption (TUE) data of athletes has been stolen after the organization was the victim of a cyber attack by hacking group Fancy Bears.

The governing body of world athletics confirmed Meta data on athlete TUEs was collected from a file server and stored in a newly created file during the attack on February 21. The IAAF had made contacts with every competitor who has obtained a TUE since 2012. The International Association of Athletics Federations said athletes have been provided with a dedicated email address should they have any questions about the attack.

Fancy Bears group, believed to be Russian, first published confidential athlete information obtained following hacks of the World Anti-Doping Agency (WADA) in September. Leading athletes including leading US stars such as four-time Rio 2016 gold medal winning gymnast Simone Biles, tennis legend Serena Williams, and British Tour de France winning cyclists in Bradley Wiggins and Chris Froome are among the names to have been published on the Fancy Bears hacking group website.

A United States security services report into cyber bodies linked Fancy Bears to the Russian Intelligence Services. The report that was jointly compiled by the US Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) cited the Hacker group amid a list of 48 “alternate names” for “Reported Russian Military and Civilian Intelligence Services”.  The 13-page report concludes the activity by the Russian intelligence services is part of an ongoing campaign of cyber-enabled operations directed at the US Government and its citizens. It added this joint analysis report provides technical indicators related to many of these operations, recommended mitigations, suggested actions to take in response to the indicators provided, and information on how to report such incidents to the United States Government.

The hacking group released dozens of emails showing separate conversations between officials from the World Anti-Doping Agency (WADA) and the United States Anti-Doping Agency (USADA). The email topics included suggestions that high-profile American athletes submitted tests showing unusual blood values as well as a tip-off that at least two Olympians from the United States took cocaine in order to lose weight before Rio 2016. It was also reported that a non-American athlete, who has not been banned, had a blood transfusion before a major race. They have released details of therapeutic use exemptions obtained by a number of high-profile athletes, including Spanish tennis star Rafael Nadal and Britain’s four-time Olympic gold medalist Mo Farah.

IAAF President Sebastian Coe apologized to the athletes whose data may have been compromised. Coe remarked our first priority is to the athletes who have provided the IAAF with information that they believed would be secure and confidential. The IAAF President further remarked that they have our sincerest apologies and our total commitment to continue to do everything in our power to remedy the situation and work with the world’s best organizations to create as safe an environment as we can.

pdf_iconDownload in PDF: Fancy Bears Hack IAAF Athlete Data