The World Anti-Doping Agency (Wada) has confirmed that a suspected Russian hacking group illegally accessed its 'administration and management system' - known as 'Adams' - and stole troves of sensitive data on athletes.
The hacking group, which Wada claims is APT28, also known as 'Fancy Bear', is the same nation state operation believed to be responsible for cyberattacks against the US political system and the Democratic National Committee (DNC) earlier this year.
Among those targeted are Serena and Venus Williams, gymnast Simone Biles, who won four gold medals in the Rio Games 2016, and American basketball star Elena Delle Donne.
Compromised information, Wada explained in a statement, includes confidential medical data — such as Therapeutic Use Exemptions delivered by International Sports Federations (IFs) and National anti-doping organisations.
The statement continued: "While it is an evolving situation, at present, we believe that access to Adams was obtained through spear phishing of email accounts; whereby, Adams passwords were obtained enabling access to Adams account information confined to the Rio 2016 Games. At present, we have no reason to believe that other Adams data has been compromised."
Olivier Niggli, director general of the anti-doping watchdog, said: "Wada condemns these ongoing cyberattacks that are being carried out in an attempt to undermine Wada and the global anti-doping system.
"Wada has been informed by law enforcement authorities that these attacks are originating out of Russia," he continued. "Let it be known that these criminal acts are greatly compromising the effort by the global anti-doping community to re-establish trust in Russia further to the outcomes of the Agency's independent McLaren Investigation Report."
Previously, Wada employed professor Richard McLaren to investigate the claims of Russian state-sponsored doping. The conclusions of the report were damning, implicating the FSB, the Russian Ministry of Sport (MofS) and the Russian Anti-Doping Agency in collusion.
News of the attack comes weeks after a separate incident involving a hack on the personal account of athlete Yuliya Stepanova, who alongside her family fled Russia after effectively blowing the whistle on the entire doping scandal.
"Wada deeply regrets this situation and is very conscious of the threat that it represents to athletes whose confidential information has been divulged through this criminal act," Niggli's statement added. "We are reaching out to stakeholders, such as the IOC, IFs and Nados, regarding the specific athletes impacted."
On the same day as Wada acknowledged the breach, a website appeared online, titled 'Fancy Bears Hack Team' that claimed to be affiliated with the Anonymous hacking collective. In a statement on the site — which is currently hosting the hacked Wada information — the so-called hackers claimed to "stand for fair play and clean sport."
It said: "We announce the start of #OpOlympics. We are going to tell you how Olympic medals are won. We hacked World Anti-Doping Agency databases and we were shocked with what we saw.
"We will start with the US team which has disgraced its name by tainted victories. We will also disclose exclusive information about other national Olympic teams later. Wait for sensational proof of famous athletes taking doping substances any time soon."
Currently, the website claims to be hosting data on 'American athletes caught doping'. However as this remains unverified at this stage, IBTimes UK cannot yet comment on the legitimacy of the group's claims at this time.
"Cowardly and despicable"
Travis Tygart, chief executive of the United State Anti-Doping Agency (USADA) said it is "unthinkable" that hackers would attempt to "smear" athletes by obtaining and publishing confidential medical material - referencing a number of published records appearing to show positive drug tests.
In a statement, he said: "In each of the situations, the athlete has done everything right in adhering to the global rules for obtaining permission to use a needed medication. The respective International Federations, through the proper process, granted the permission and it was recognised by the International Olympic Committee and USADA.
"The cyberbullying of innocent athletes being engaged in by these hackers is cowardly and despicable. It is time for the entire international community to stand up and condemn this cyberattack on clean sport and athletes rights."
This article was updated to insert a statement from the USADA.