The UK Anti-Doping Agency (UKAD) has revealed that it suffered an attempted cyber attack over the weekend, but insist it foiled attempts to access confidential medical and athlete drug testing data, and that no data was lost or compromised.
The Independent newspaper reported that staff at the agency’s London headquarters were called into a meeting on Monday morning, where they were informed of the breach and sent home.
"The staff were just told: ‘There are no electronic systems live at the moment. We’re running through our internal processes to try and remedy the situation – to identify the source of the attack and deal with it,'" an agency source said.
“It’s probably going to take 24 hours for the systems to back online, while they’re doing their appraisal of the systems. They’re telling staff the bare bones.”
The UKAD cyber attackers have not been identified, but according to the Guardian newspaper and other media, the Russian Fancy Bears cyber team, who hacked the World Anti Doping Agency’s athlete management database and the US Anti-Doping Agency, is suspected of being behind the attack.
Fancy Bears hit the headlines when it revealed that the Bradley Wiggins had used the powerful corticosteroid triamcinolone before his Tour de France victory in 2012 and other Grand Tour goals, after being granted a series of therapeutic use exemptions (TUE) by the UCI.
The British Parliamentary Digital, Culture, Media and Sport select committee later suggested that Wiggins and Team Sky “crossed an ethical line” by using drugs allowed under anti-doping rules to enhance performance instead of just for medical need.
WADA’s systems were reportedly hacked after Fancy Bears used spear phishing of email accounts to gain access to its athlete database, while USADA is rumoured to have been hacked when an employee used his computer over a public network at the Rio Olympics.
In a statement a UKAD confirmed the cyber-attack but stressed that no data had been accessed.
“Over the weekend UKAD was made aware of a cyber-attack affecting our systems,” UKAD wrote on its twitter feed.
“We can confirm that no data has been lost or compromised. We took the necessary steps to investigate and resolve the situation and no core activity including our testing programme has been impacted.”
UKAD maintains that its systems are robust. “We are satisfied that we have appropriate levels of cybersecurity and we consistently review our systems to ensure they are of a very high standard.”