The World Anti-Doping Agency (WADA) confirms that the Russian cyber hackers, ‘Fancy Bear’ [aka Tsar Team (APT28)] have leaked another batch of confidential athlete data from WADA’s Anti-Doping Administration and Management System (ADAMS). Similar to the leak that the Agency announced on 13 September, this time the group released the confidential athlete data of 25 athletes, from eight countries, into the public domain. The targeted athletes include ten from the United States, five from Germany, five from Great Britain, one from the Czech Republic, one from Denmark, one from Poland, one from Romania, and one from Russia.
As disclosed on 13 September, the group has illegally gained access to ADAMS via an International Olympic Committee (IOC)-created account for the Rio 2016 Games. Confined to the Games, the account includes such confidential medical data as Therapeutic Use Exemptions delivered by International Sports Federations (IFs) and National Anti-Doping Organizations (NADOs). The group is releasing the data that it has obtained from this account in batches.
“WADA is very mindful that this criminal attack, which to date has recklessly exposed personal data of 29 athletes, will be very distressing for the athletes that have been targeted; and, cause apprehension for all athletes that were involved in the Rio 2016 Olympic Games,” said Olivier Niggli, Director General, WADA. “To those athletes that have been impacted, we regret that criminals have attempted to smear your reputations in this way; and, assure you that we are receiving intelligence and advice from the highest level law enforcement and IT security agencies that we are putting into action,” Niggli continued.
“Given this intelligence and advice, WADA has no doubt that these ongoing attacks are being carried out in retaliation against the Agency, and the global anti-doping system, because of our independent Pound and McLaren investigations that exposed state-sponsored doping in Russia,” Niggli continued. “We condemn this criminal activity and have asked the Russian Government to do everything in their power to make it stop,” he continued. “Continued cyber-attacks emanating from Russia seriously undermine the work that is being carried out to rebuild a compliant anti-doping program in Russia."
We still believe that access to ADAMS was obtained through spear phishing of email accounts; whereby, ADAMS passwords were obtained enabling access to ADAMS account information confined to the Rio 2016 Games. We have no reason to believe that other ADAMS data has been compromised.
WADA is reaching out to NADOs and IFs whose athletes are impacted by this new data release so that they can provide them with the necessary support.