The World Anti-Doping Agency on Tuesday condemned Russian hackers who breached its database and published confidential athlete records, the second cyber-attack on the organisation since early August.
WADA said in a statement that the Russian cyber-espionage group Tsar Team (APT28), also known as Fancy Bear, had broken into its Anti-Doping Administration and Management System (ADAMS) database.
The group earlier Tuesday published information gleaned from the files of four prominent US athletes who competed at the Rio de Janeiro Olympics, including a gold-medal winner.
“WADA deeply regrets this situation and is very conscious of the threat that it represents to athletes whose confidential information has been divulged through this criminal act,” WADA director general Olivier Niggli said in a statement.
“WADA condemns these ongoing cyber-attacks that are being carried out in an attempt to undermine WADA and the global anti-doping system,” Niggli added.
The Fancy Bear group published a series of files relating to the athletes which detailed instances of “adverse analytical findings” (AAFs) or their use of therapeutic use exemptions (TUEs).
An AAF means that a substance on WADA’s banned list has been found in an athlete’s system but it is not classified as an anti-doping violation if it can be legitimately explained for a medical reason.
A therapeutic use exemption is granted to athletes suffering from a condition or injury which requires treatment using medicine included on WADA’s banned list.
A spokeswoman for the IOC blasted the hacking, stating none of the athletes named in the files were guilty of doping offences.
“The IOC strongly condemns such methods, which clearly aim at tarnishing the reputation of clean athletes,” the spokeswoman told AFP.
“The IOC can confirm however that the athletes mentioned did not violate any anti-doping rules during the Olympic Games Rio 2016.”
The United States Anti-Doping Agency (USADA) decried the hack as “cowardly and despicable”, emphasising that none of the named athletes had committed an offence.
“In each of the situations, the athlete has done everything right in adhering to the global rules for obtaining permission to use a needed medication,” USADA chief executive Travis Tygart said.
“The cyber-bullying of innocent athletes being engaged by these hackers is cowardly and despicable,” added Tygart, who in the past played a leading role in bringing down US cycling dope cheat Lance Armstrong.
The latest breach of WADA’s database comes after the agency confirmed last month that Russian whistleblower Yuliya Stepanova’s file had been accessed by hackers.
Stepanova, who is living in hiding in the United States after lifting the lid on doping in Russian sport, later said she feared for her life following the hack.
WADA said it believed the latest breach had occurred after “spear phishing” of email accounts and that it had been confined to ADAMS accounts of athletes competing in Rio.
Spear phishing is when an email user receives a message purportedly from someone they know, but it is actually from a hacker.
The hacking comes after a series of WADA investigations which have alleged a vast state-sponsored doping programme in Russian sport dating back several years.
Russia’s track and field athletes were banned from the Rio Olympics by the International Association of Athletics Federations, angering the Kremlin, which condemned the move as politically motivated.