[BreachExchange] Athletes’ medical data at risk after IAAF suffers alleged Fancy Bears cyber attack

Audrey McNeil audrey at riskbasedsecurity.com
Mon Apr 3 18:35:38 EDT 2017


https://www.theguardian.com/sport/2017/apr/03/athletes-medical-data-cyber-attack-iaaf

Athletes’ confidential data is under threat of being made public after the
IAAF revealed it had suffered a suspected Russian cyber attack which it
believes has compromised medical records.

A statement by the International Association of Athletics Federations said
the Russian hacking group known as Fancy Bears was believed to be behind
the attack in February and that it targeted information concerning
applications by athletes for Therapeutic Use Exemptions. The IAAF said it
had contacted athletes who had applied for TUEs since 2012 and its
president, Sebastian Coe, apologised.

“Our first priority is to the athletes who have provided the IAAF with
information that they believed would be secure and confidential,” he said
in the statement. “They have our sincerest apologies and our total
commitment to continue to do everything in our power to remedy the
situation.”

TUEs are issued by sports federations and national anti-doping
organisations to allow athletes to take certain banned substances for
verified medical needs. The IAAF said that data on athlete TUEs was
“collected from a file server and stored on a newly created file.”

“The attack by Fancy Bears, also known as APT28, was detected during a
proactive investigation carried out by cyber incident response firm Context
Information Security.”

It was not known if the information was stolen from the network, the IAAF
said, but the incident was “a strong indication of the attackers’ interest
and intent, and shows they had access and means to obtain content from this
file at will”. Fancy Bears could not immediately be reached for comment.

Last year, the same group hacked into the World Anti-Doping Agency database
and published the confidential medical records of several dozen athletes.
Those included the cyclist Sir Bradley Wiggins, the 2012 Tour de France
winner and Britain’s most decorated Olympian with eight medals, who was
revealed to have used TUEs. Wiggins retired last year under something of a
cloud after it was revealed he took corticosteroid triamcinolone for
asthma, although he broke no anti-doping rules.

The IAAF banned Russia after a Wada commission report found evidence of
state-sponsored doping. Russia missed the track and field events at the Rio
Olympics last year and is likely to also miss the World Athletics
Championships in London in August.