The World Anti-Doping Agency (WADA) confirmed today that a cyber espionage group based out of Russia hacked into the Anti-Doping Administration and Management System (ADAMS) database during the 2016 Rio Olympic Games.
The cyber espionage group was operating under the name of Tsar Team (APT28), also known as Fancy Bear, and accessed the database via an International Olympic Committee (IOC) account that was created for the Games. This account allowed the group to access data on the athletes, some of which was subsequently released in the public domain along with a threat that more would be released.
WADA has issued assurances that no other ADAMS data has been compromised.
Director General of WADA, Olivier Niggli, noted,
WADA deeply regrets this situation and is very conscious of the threat that it represents to athletes whose confidential information has been divulged through this criminal act. We are reaching out to stakeholders, such as the IOC, IFs, and NADOs, regarding the specific athletes impacted. WADA condemns these ongoing cyber-attacks that are being carried out in an attempt to undermine WADA and the global anti-doping system. WADA has been informed by law enforcement authorities that these attacks are originating out of Russia. Let it be known that these criminal acts are greatly compromising the effort by the global anti-doping community to re-establish trust in Russia further to the outcomes of the Agency’s independent McLaren Investigation Report.
The Agency has since extended their investigation with law enforcement authorities, announced that they are conducting both internal and external security vulnerability checks, and are “taking the necessary measures to ensure that stakeholders securely manage ADAMS passwords and its usage.”
More about the WADA database hack can be found here.