Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Ukad hack: Anti-doping agency holding thousands of sports stars’ drug test details hit by cyber attack

Exclusive: Medical details of Premier League footballers and Olympic athletes are among those held by the official body, whose systems came under attack over the weekend

Ed Malyon,Andrew Griffin
Wednesday 11 April 2018 12:46 BST
UK anti-doping agency holding thousands of sports stars’ drug test details hit by cyber attack

The UK anti-doping agency, which holds thousands of sports stars’ drug test details and medical records, has been hit by a cyber attack.

The Independent can reveal that staff at the agency’s London headquarters were called into a meeting on Monday morning, where they were informed of the breach and sent home.

Premier League footballers, high-profile cyclists and well-known Olympic athletes are among those whose data is held on Ukad servers.

Previous hacks on anti-doping agencies have revealed detailed medical information of some of the world’s leading athletes, sending shockwaves through the sport and geopolitical communities.

A Ukad spokesperson confirmed the agency had been the subject of a cyber attack but claimed it was unsuccessful and that they believed no data had been lost.

The agency is still investigating the matter.

“I got in with the rest of the staff, and we were told that there had been a security breach over the weekend,” an agency source told The Independent.

“It subsequently came to light that they had linked it to our servers.

“My interest was piqued by the fact that our team wanted to get out in front of the story, especially in light of Fancy Bears from a few years ago.”

In 2016, the anonymous cyber espionage group Fancy Bears leaked the World Anti-Doping Agency’s (Wada) classified medical records and drug testing files of a number of athletes who had received therapeutic use exemptions, including the tennis player Serena Williams, cyclist Bradley Wiggins and athlete Mo Farah.

The group also later hacked the International Association of Athletics Federations (IAAF) and International Olympic Committee (IOC). On their website, Fancy Bears describe themselves as an “international hack team” who “stand for fair play and clean sport”.

An agency source added: “The staff were just told: ‘There are no electronic systems live at the moment. We’re running through our internal processes to try and remedy the situation – to identify the source of the attack and deal with it.’

“It’s probably going to take 24 hours for the systems to back online, while they’re doing their appraisal of the systems. They’re telling staff the bare bones.”

Ukad is the British organisation charged with protecting a culture of clean sport, and is a non-departmental public body of the Department for Culture, Media and Sport.

Working in partnership the Wada, its role is to ensure sporting bodies in the UK are compliant with Wada’s code while implementing the UK’s own national anti-doping policy.

The agency’s role has many different aspects, including the use of education with young athletes as an attempt to prevent accidental doping violations.

But their most visible public role is in the testing of elite athletes, and Ukad perform “intelligence-led testing across more than 40 Olympic, Paralympic and professional sports”.

A Ukad spokesman said: ”Over the weekend Ukad was made aware of a cyber attack affecting our systems.

“We can confirm that no data has been lost or compromised. We took the necessary steps to investigate and resolve the situation. No core activity including our testing programme has been impacted.

“We are satisfied that we have appropriate levels of cyber-security in place, and we continually review our systems and measures to ensure they are of a very high standard.”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in