IAAF Issues Apology to Athletes Over Medical Data Leak by Fancy Bears Hackers

MOSCOW (Sputnik) — The International Association of Athletics Federations (IAAF) offered apologies to the athletes whose personal and medical information stored on IAAF servers became public as a result of a cyberattack by a hacking group identified as Fancy Bears, the IAAF said in a statement.

On Wednesday, the hacking collective released files with alleged Athlete Biological Passport (ABP) results, claiming they wanted "to show the scale of doping violations in track and field and to expose (the) inefficiency of anti-doping control." The tranche of documents leaked by Fancy Bears mentioned the names of 47 athletes, including British four-time Olympic gold medalist Mo Farah, Irish race walker Rob Heffernan, US long-distance runner Galen Rupp and Kenyan long-distance runner Mary Keitany.

"The IAAF offers its sincerest apologies to the athletes who believed their personal and medical information was secure with us. We will continue to work with cyber incident response (CIR) firm Context Information Security, who identified the Fancy Bear cyber-attack which we announced in April to create a safe environment," the statement issued on Thursday said.

The IAAF, nevertheless, stated that no assumptions should be made based upon leaked documents without full evidence, as single data readings of an ABP could not alone constitute evidence of doping.

In April, the IAAF announced it had been hacked by the Fancy Bears group. The hackers were held responsible for stealing the information containing data on the athletes’ TUE document (Therapeutic Use Exemptions). If the drug an athlete is supposed to use to treat an illness or condition happens to fall under the list of banned medications, a TUE may give that athlete the authorization to take the necessary drug without penalty. Therefore, banned substances observed in an athlete’s blood do not necessarily point to doping.