Security

IAAF Cyber Attack Puts Confidential Athlete Medical Data At Risk

Sam Pudwell joined Silicon UK as a reporter in December 2016. As well as being the resident Cloud aficionado, he covers areas such as cyber security, government IT and sports technology, with the aim of going to as many events as possible.

IAAF president Sebastian Coe apologises for breach affecting athelete medical records

The International Association of Athletics Federations (IAAF) has been hit by a cyber attack which could put confidential Athlete data at risk of being made public.

The attack is believed to have been carried out by Russian collective Fancy Bear, also responsible for hacking the World Anti-Doping Agency (WADA) and leaking data on high-profile athletes such as tennis player Serena Williams and Olympic gymnast Simone Biles.

The IAAF hack supposedly targeted information related to applications for Therapeutic Use Exemptions (TUEs) and the affected athletes have been informed.

data breach

IAAF hack

IAAF president Sebastian Coe has apologised for the breach in a statement, saying: “Our first priority is to the athletes who have provided the IAAF with information that they believed would be secure and confidential. They have our sincerest apologies and our total commitment to continue to do everything in our power to remedy the situation.”

Athletes can apply for TUEs to allow them to take certain banned substances for legitimate medical reasons and are issued by national anti-doping organisations. 

The IAAF has said that “the attack by FANCY BEAR, also known as APT28, was detected during a proactive investigation carried out by cyber incident response (CIR) firm Context Information Security” and it believes the accessed information was “collected from a file server and stored on a newly created file”.

It is not yet known if the data was actually stolen or just accessed, but it is a very real possibility.

At the time of the WADA hack, US Anti-Doping Agency boss Travis Tygaart branded the attack as a “cowardly and despicable” act of “cyber-bullying” and said it reflected Russian government efforts to show Russians that covert doping was also carried out in other countries.

The Fancy Bears group is also believed to have been involved in attacks that interfered with last year’s US election process and the use of malware to track Ukrainian artillery units.

Do you know all about security in 2016? Try our quiz!