IAAF, the governing body of track and field, has said it was hacked by Fancy Bears, a group which has been linked to Russia. In 2015, IAAF banned Russia’s athletics federation from international competitions over doping.
The medical records of athletes have been compromised by a cyberattack carried out by Fancy Bears, the same group that previously hacked the World Anti-Doping Agency, the world governing body of athletics said Monday.
The IAAF said in a statement it believes the hacking group targeted athletes’ Therapeutic Use Exemptions (TUEs) through an unauthorized remote access attack on its servers in February.
TUEs are permissions given by sports federations and national anti-doping organizations for athletes to take certain banned substances for verified medical reasons.
“It is not known if this information was subsequently stolen from the network, but it does give a strong indication of the attackers’ interest and intent, and shows they had access and means to obtain content from this file at will,” IAAF said in a statement.
Fancy Bears linked to Russian intelligence
Western governments and security experts have linked Fancy Bears to the GRU, Russia’s military intelligence agency. The World Anti-Doping Agency (WADA) has previously accused Fancy Bears of carrying out a attack on its servers in 2016. US intelligence agencies also say the group and other Russian hackers were behind cyberattacks designed to influence the US election last year. Russia has denied the allegations.
IAAF said all athletes who applied for TUEs since 2012 had been notified.
“Our first priority is to the athletes who have provided the IAAF with information that they believed would be secure and confidential,” said IAAF President Sebastian Coe. “They have our sincerest apologies and our total commitment to continue to do everything in our power to remedy the situation and work with the world’s best organizations to create as safe an environment as we can.”
British computer security company Context Information Security conducted the investigation of IAAF’s systems.
After last year’s attack on the World Anti-Doping Agency, Fancy Bears published the confidential medical records of dozens of athletes, many from the United States and the UK. No records of Russian athletes were released.
In 2015, the IAAF banned Russia’s athletics federation from international competitions after a WADA investigation found widespread state-sponsored doping. Most Russian track and field athletes were not able to attend the Summer Olympics in Rio de Janeiro last year, and are likely to miss the world athletics championships in London in August after IAAF extended the ban in February.