DataBreaches.Net


International Association of Athletics Federations discloses cyber attack

Posted on April 3, 2017 by Dissent

Brian Homewood reports:

The governing body of global athletics (IAAF) said on Monday it had suffered a cyber attack which it believes has compromised information about athletes’ medical records.

An IAAF statement said the hacking group known as Fancy Bear was believed to be behind the attack in February and that it targeted information concerning applications by athletics for Therapeutic Use Exemptions.

The IAAF said it had contacted athletes who had applied for TUEs since 2012 and its president, Sebastian Coe, apologized.

Read more on Reuters.

Here is IAAF’s full press release:

The IAAF has been a victim of a cyber attack which it believes has compromised athletes’ Therapeutic Use Exemption (TUE) applications stored on IAAF servers.

The attack by FANCY BEAR, also known as APT28, was detected during a proactive investigation carried out by cyber incident response (CIR) firm Context Information Security, who were contacted by IAAF at the beginning of January to undertake a technical investigation across IAAF systems.

The presence of unauthorised remote access to the IAAF network by the attackers was noted on 21 February where meta data on athlete TUEs was collected from a file server and stored in a newly created file. It is not known if this information was subsequently stolen from the network, but it does give a strong indication of the attackers’ interest and intent, and shows they had access and means to obtain content from this file at will.  

Over the past month the IAAF has consulted the UK National Cyber Security Centre (NCSC) and the Agence Monégasque de Sécurité Numérique (Monaco AMSN) and worked with Context to carry out a complex remediation across all systems and servers in order to remove the attackers’ access to the network. This was carried out and completed over the weekend.

Athletes who have applied for TUEs since 2012 have today been contacted and provided with a dedicated email address to contact the IAAF if they have any questions. Any other athlete concerned about their TUE applications should go to askiaaf.org, complete and submit the form and we will respond, wherever possible, within 24 hours.

“Our first priority is to the athletes who have provided the IAAF with information that they believed would be secure and confidential,” said IAAF President Sebastian Coe. “They have our sincerest apologies and our total commitment to continue to do everything in our power to remedy the situation and work with the world’s best organisations to create as safe an environment as we can.”

IAAF

Category: Hack, Health Data, Miscellaneous, Non-U.S.

© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.