Medical data at risk after alleged Fancy Bears cyber attack

Athletes’ confidential data is under threat of being made public after the IAAF revealed it had suffered a suspected cyber attack which it believes has compromised medical records, The Guardian reports.

A statement by the International Association of Athletics Federations said the Russian hacking group known as Fancy Bears was believed to be behind the attack in February and that it targeted information concerning applications by athletics for Therapeutic Use Exemptions. The IAAF said it had contacted athletes who had applied for TUEs since 2012 and its president, Sebastian Coe, apologised.

“Our first priority is to the athletes who have provided the IAAF with information that they believed would be secure and confidential,” he said in the statement. “They have our sincerest apologies and our total commitment to continue to do everything in our power to remedy the situation.”

TUEs are issued by sports federations and national anti-doping organisations to allow athletes to take certain banned substances for verified medical needs. The IAAF said that data on athlete TUEs was “collected from a file server and stored on a newly created file.”

“The attack by Fancy Bears, also known as APT28, was detected during a proactive investigation carried out by cyber incident response firm Context Information Security.”

It was not known if the information was stolen from the network, the IAAF said, but the incident was “a strong indication of the attackers’ interest and intent, and shows they had access and means to obtain content from this file at will”.