The International Association of Athletics Federation (IAAF) reported on Monday that their servers have been compromised and the medical records of their athletes are currently under threat. As a governing body for track and field, the IAAF stores data, including their athletes’ Therapeutic Use Exemption (TUE) forms. The IAAF said in a statement that the Russian hacking group Fancy Bear or also known as APT28 was behind the February 21 data breach.

Cyber investigations

The attack was detected by the Context Information Security during a series of technical investigations across the IAAF’s network that started in January.

Several other hacks that were happening last year were known to be the work of the same hacker group. In September, the database of the World Anti-Doping Agency (WADA), containing the medical records of dozens of athletes was targeted. The group published the files from the hack online in the guise of a member of the Anonymous hacker collective. Fancy Bear is linked to an interference occurring within the U.S. presidential election last year. It is also believed to have infiltrated the Democratic National Committee Chairman’s emails.

According to the Guardian, the IAAF had banned Russia, who did not participate in the Rio Olympics 2016, after a WADA commission discovered evidence of state-sponsored doping.

The country is probably not going to make the World Athletics Championships in London this August. Fancy Bear has not made any comments regarding the recent accusations, but the IAAF said that the February incident showed a “strong indication” of the attackers’ intent and that they had the means and access to obtain their data of interest.

IAAF’s apology

The president of the IAAF, Sebastian Coe, had issued an apology, saying that the organisation is committed to doing everything in their power to remedy the situation. The TUE forms contain confidential information obtained from the athletes who applied to take certain banned substances for verified medical requirements.

The organisation said it has contacted all 80 athletes who have applied for TUEs since 2012 for additional support. The attackers appear to have gathered metadata from a file server and then stored them in a new file, as detected in February, but it was unclear if this was the stolen data.