WADA hit by consecutive cyber attacks
Three leaks of personal data from WADA spark discussions of data security and face strong critism from national anti-doping agencies.
The international anti-doping agency WADA is currently facing hacking attacks that have brought confidential medical data of athletes into the public domain.
A Russian hacker group by the name of “Fancy Bears” has gained access to personal athlete data stored in WADA’s database, the administration and management system 'ADAMS'. Through their website and Twitter account, the hacker group has leaked the personal data of 29 international athletes including Yuliya Stepanova, Serena and Venus Williams, Simone Biles and Chris Froome. According to WADA, the hackers have gained access to the athletes’ passwords by the use of spear-phishing emails.
The two latest leaks focus on athletes that have been granted Therapeutic Use Exception (TUE), which is the dispensation for the use of an otherwise banned substance that the athlete is required to take due to his or hers specific illness or condition. Without offering any supporting evidence, Fancy Bears claims that these dispensations are “licenses for doping” and call WADA and the IOC Medical and Scientific Department “corrupt and deceitful.”
WADA has condemned the attacks and underlined the severity with which they regard them. The agency further assures the affected athletes ”that we are receiving intelligence and advice from the highest level law enforcement and IT security agencies that we are putting into action,” said WADA director general Olivier Niggli in a WADA statement issued after the latest attack.
WADA believes that the attacks come as retaliation for the McLaren report that revealed a state-sponsored doping system in Russia and have called on Russian authorities to “do everything in their power to make it stop”.
But the fear of having personal data leaked has already had some national anti-doping agencies react. Following the attack, the Norwegian anti-doping agency today stated that they would, with immediate effect, stop using ADAMS for the treatment of TUEs because of the personal data involved, the Norwegian NADO said in a statement.
Anti-doping UK stated that they are “appalled” by the leaks of personal data and stresses that “TUEs are granted based solely on medical need - they are not an indication of doping. They are there to support the clean athlete’s right to compete, despite a medical condition”.
The Danish national anti-doping agency calls the attacks "unforgivable" and stresses that the Danish swimmer, Pernille Blume, who was named in the most recent leak, has played by the rules. “She (Blume) has obviously become a pawn in larger international game, in which Russian forces seem to be moving focus from the documented systematic circumvention of the doping rules that has taken place in Russia,” said Michael Ask, director of the Danish NADO in a statement.