Confidential medical data on athletes in last month’s Rio Olympics has been hacked and published by a Russian cyber espionage group, and more such leaks may follow, the World Anti-Doping Agency (WADA) said on Tuesday.
WADA identified the group as Tsar Team (APT28), also known as Fancy Bear.
The http://www.fancybear.net website said it had information about a number of U.S. athletes, including tennis sisters Serena and Venus Williams as well as multiple gold medal-winning gymnast Simone Biles.
“WADA condemns these ongoing cyber-attacks that are being carried out in an attempt to undermine WADA and the global anti-doping system,” said director general Olivier Niggli in a statement that did not name any athletes.
“WADA has been informed by law enforcement authorities that these attacks are originating out of Russia.”
Russian news agencies quoted Kremlin spokesman Dmitry Peskov as saying any possible Russian government or secret service participation in the hacking was out of the question.
Russia’s track and field team, with the exception of one athlete based in the United States, were banned from the Rio Games in August over what WADA said was a state-backed doping programme.
Russian competitors in other sports also had to prove they were clean by meeting several criteria to be eligible to compete in Brazil.
The fancybear.net website said its team had hacked the WADA databases and “were shocked with what we saw.
“We will start with the U.S. team which has disgraced its name by tainted victories,” it said. “We will also disclose exclusive information about other national Olympic teams later.
“Wait for sensational proof of famous athletes taking doping substances any time soon.”
The International Olympic Committee (IOC), U.S. Anti-Doping Agency (USADA), International Tennis Federation (ITF) and USA Gymnastics all issued strong statements on Tuesday condemning the publication of confidential WADA information.
Travis Tygart, chief executive of USADA, said the athletes whose data was hacked had done nothing wrong.
WADA said the group was believed to have gained access to its anti-doping administration and management system (ADAMS) via an IOC-created account for the Rio Games.
The IOC said it condemned methods “which clearly aim at tarnishing the reputation of clean athletes.
“The IOC can confirm, however, that the athletes mentioned did not violate any anti-doping rules during the Olympic Games Rio 2016.”
Data accessed included so-called Therapeutic Use Exemptions (TUE) issued by sports federations and national anti-doping organisations that allow athletes to take certain substances.
“WADA deeply regrets this situation and is very conscious of the threat that it represents to athletes whose confidential information has been divulged through this criminal act,” said Niggli.
“We are reaching out to stakeholders… regarding the specific athletes impacted.”
Niggli added that the hack was “greatly compromising the effort by the global anti-doping community to re-establish trust in Russia further to the outcomes of the Agency’s independent McLaren Investigation Report.”
The McLaren report described, among other things, how Russians were replacing positive doping samples with clean ones during the Sochi winter Games with the support of the Russian secret service.
WADA revealed last month that Russian whistleblower Yulia Stepanova’s electronic account had been illegally accessed with a “perpetrator” obtaining details which would normally include her registered whereabouts.
Stepanova, in hiding in North America, helped reveal the biggest state-backed doping programme in Russia and was forced to flee the country with her husband for fear of her life.
USADA chief Tygart said the athletes whose confidential information had been leaked had followed the rules.
“In fact, in each of the situations the athlete has done everything right in adhering to the global rules for obtaining permission to use a needed medication,” he said in a statement.
“The cyber-bullying of innocent athletes being engaged by these hackers is cowardly and despicable.”
The ITF said it was “disappointed” that sensitive medical information relating to tennis players had been obtained and published.
ITF president David Haggerty said all TUEs handed out to tennis players were done so in accordance with WADA rules.
USA Gymnastics said Biles was approved for a TUE exemption and had not broken any rules.
“Simone has filed the proper paperwork per USADA and WADA requirements, and there is no violation,” said USA Gymnastics president Steve Penny in a statement confirming that her data had been hacked.
Biles herself said on Twitter: “I have ADHD and I have taken medicine for it since I was a kid. Please know, I believe in clean sport, have always followed the rules, and will continue to do so as fair play is critical to sport and is very important to me.”