The International Association of Athletics Federations on Monday revealed that it had been a “victim of a cyber attack” which it believes has compromised athletes’ medical records on Therapeutic Use Exemption. Sebastian Coe, the president of the IAAF, issued an apology, saying that they have contacted athletes who had applied for TUEs since 2012.
An IAAF statement said a Russian hacking group known as “Fancy Bears” was believed to be behind the attack, which took place in February and targeted athletes’ TUE applications, stored on IAAF servers.
TUEs are issued by sports federations and national anti-doping organisations to allow athletes to take certain banned substances for verified medical needs, reported Reuters.
“Our first priority is to the athletes who have provided the IAAF with information that they believed would be secure and confidential,” Coe said in the statement. “They have our sincerest apologies and our total commitment to continue to do everything in our power to remedy the situation and work with the world’s best organisations to create as safe an environment as we can.”
“The attack by FANCY BEAR, also known as APT28, was detected during a proactive investigation carried out by cyber incident response (CIR) firm Context Information Security.”
The IAAF said it was not known if the information was stolen, but the incident was “a strong indication of the attackers’ interest and intent, and shows they had access and means to obtain content from this file at will”.
The same group had hacked into the World Anti-Doping Agency database last year and published the confidential medical records of several athletes. Those included cyclist Bradley Wiggins, Mo Farah, Helen Glover and Justin Rose.