Athletes’ TUEs data hacked by Fancy Bears, says IAAF

The IAAF, the world governing body for athletics, says that it has been targeted by the Russia-based computer hacking group “Fancy Bears.”

In a statement released Monday, the IAAF said the cyber attack which took place in February focused on athletes who had made applications for Therapeutic Use Exemptions (TUEs).

“The attack by FANCY BEAR, also known as APT28, was detected during a proactive investigation carried out by cyber incident response (CIR) firm Context Information Security…’ the IAAF said in a statement on its website.

“The presence of unauthorized remote access to the IAAF network by the attackers was noted on February 21 where meta data on athlete TUEs was collected from a file server and stored in a newly created file,” the IAAF statement added.

The governing body has since consulted with the UK National Cyber Security Center and its counterpart in Monaco to remove the threat.

The IAAF said it has contacted more than 80 athletes who applied for TUEs since 2012 about the breach.

“Our first priority is to the athletes who have provided the IAAF with information that they believed would be secure and confidential,” IAAF President Sebastian Coe said in the IAAF statement.

“They have our sincerest apologies and our total commitment to continue to do everything in our power to remedy the situation and work with the world’s best organizations to create as safe an environment as we can,” he added.

A spokesperson for the IAAF told CNN that the organization is “not able to fully assess the access the attacker may have had to the IAAF data,” but added that up to 100 TUE applications may have been compromised.

The cyber infiltration appears to be a repeat of the 2016 hack of the World Anti-Doping Agency (WADA) that revealed therapeutic drug exemptions granted to American athletes Serena and Venus Williams, along with gymnast Simone Biles and basketball player Elena Delle Donne.

Along with exposing the medical details of the 2016 American Olympians, Fancy Bears gained notoriety last year for revealing TUEs of nine British athletes, including Mo Farah and cyclist Bradley Wiggins.

Farah, who has four Olympic gold medals to his name, received two TUEs – one for anti-inflammatory treatment for a 2008 injury, and the other for treatment after the runner collapsed in 2014.

There is no suggestion of wrongdoing by any of the athletes.

At the time of writing, no information from the IAAF hack has been published.

A TUE is an exemption that allows an athlete to use, for therapeutic purposes only, an otherwise prohibited substance or method.

They’re often used because athletes may have illnesses or conditions which means they need to take certain medications.