The World Anti-Doping Agency confirmed its Anti-Doping Administration and Management Systems was hacked by a Russian cyber espionage group operator who goes by the name Tsar Team and Fancy Bear.
The group accessed data containing confidential medical data of athletes who participated in the recent summer Olympics. Some of the data in the account, created by an International Olympic Committee, includes Therapeutic Use Exemptions delivered by International Sports Federations and National Anti-Doping Organizations.
One of the athletes victimized by the attack was American gymnast Simone Biles, who later claimed the substances were used to treat her ADHD. She later went on to tweet that her diagnosis was “nothing to be ashamed of.”
The hacker released some of the information to the public, and is threatening to release more. However, there is no reason to believe that other ADAMS data has be compromised.
Oliver Niggli, Director General of WADA said they condemn the continuous cyber attacks and that they are reaching out to shareholders regarding the specific athletes being impacted.
“WADA deeply regrets this situation and is very conscious of the threat that it represents to athletes whose confidential information has been divulged through this criminal act,” said Niggli.
In a release, WADA said it is taking these attacks seriously. The agency is investigating alongside law enforcement authorities, and is conducting external and internal vulnerability checks to ensure that stakeholders are securely managing ADAMS passwords.
“WADA has been informed by law enforcement authorities that these attacks are originating out of Russia. Let it be known that these criminal acts are greatly compromising the effort by the global anti-doping community to re-establish trust in Russia further to the outcomes of the Agency’s independent McLaren Investigation Report,” said Niggli in the release.
This attack follows a hack in August where Yulia Stepadova’s password for ADAMS was illegally obtained. Stepadova was the key whistleblower for WADA’s Independent Pound Commission that exposed widespread doping in Russian olympians.
Although an evolving situation, it is believed access to ADAMS was obtained through spear phishing of emails; where ADAMS passwords were stolen and used access ADAMS account information.