DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

International Association of Athletics Federations discloses cyber attack

Posted on April 3, 2017 by Dissent

Brian Homewood reports:

The governing body of global athletics (IAAF) said on Monday it had suffered a cyber attack which it believes has compromised information about athletes’ medical records.

An IAAF statement said the hacking group known as Fancy Bear was believed to be behind the attack in February and that it targeted information concerning applications by athletics for Therapeutic Use Exemptions.

The IAAF said it had contacted athletes who had applied for TUEs since 2012 and its president, Sebastian Coe, apologized.

Read more on Reuters.

Here is IAAF’s full press release:

The IAAF has been a victim of a cyber attack which it believes has compromised athletes’ Therapeutic Use Exemption (TUE) applications stored on IAAF servers.

The attack by FANCY BEAR, also known as APT28, was detected during a proactive investigation carried out by cyber incident response (CIR) firm Context Information Security, who were contacted by IAAF at the beginning of January to undertake a technical investigation across IAAF systems.

The presence of unauthorised remote access to the IAAF network by the attackers was noted on 21 February where meta data on athlete TUEs was collected from a file server and stored in a newly created file. It is not known if this information was subsequently stolen from the network, but it does give a strong indication of the attackers’ interest and intent, and shows they had access and means to obtain content from this file at will.  

Over the past month the IAAF has consulted the UK National Cyber Security Centre (NCSC) and the Agence Monégasque de Sécurité Numérique (Monaco AMSN) and worked with Context to carry out a complex remediation across all systems and servers in order to remove the attackers’ access to the network. This was carried out and completed over the weekend.

Athletes who have applied for TUEs since 2012 have today been contacted and provided with a dedicated email address to contact the IAAF if they have any questions. Any other athlete concerned about their TUE applications should go to askiaaf.org, complete and submit the form and we will respond, wherever possible, within 24 hours.

“Our first priority is to the athletes who have provided the IAAF with information that they believed would be secure and confidential,” said IAAF President Sebastian Coe. “They have our sincerest apologies and our total commitment to continue to do everything in our power to remedy the situation and work with the world’s best organisations to create as safe an environment as we can.”

IAAF

Category: HackHealth DataMiscellaneousNon-U.S.

Post navigation

← UK: How many people did Landauer hack affect?
Data leak exposes details of 450,000 lottery subscribers →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit
  • Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
  • UK: Oxford City Council still investigating cyberattack from earlier this month
  • Steelmaker Nucor Says Hackers Stole Data in Recent Attack
  • People’s Republic of China cyber threat activity: Cyber Threat Bulletin
  • Ukrainian Web3 security auditing company Hacken suffered an attack that allowed a hacker to create 900 million HAI tokens
  • McLaren provides written notice to 743,131 patients after ransomware attack in July 2024 (2)
  • A state forensics lab was leaking its files. Getting it locked down involved a number of people.

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill
  • Officials defend Liberal bill that would force hospitals, banks, hotels to hand over data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.