Member Article

WADA Hacked: Medal-Winning Olympians’ Data Posted Online

The leak of medical records belonging to five British Olympic athletes including Chris Froome and Bradley Wiggins (pictured above) this week has once again brought the issue of personal data security onto the front pages.

The data was illegally accessed from the World Anti-Doping Agency’s (WADA’s) Administration and Management System (ADAMS) via a spearphishing attack using an International Olympic Committee-created account for the Rio 2016 Games.

A spearphishing attack is a lot more targeted than a phishing attack, and a lot harder to defend against. It targets a single individual or small team with an email tailored to what interests them. This kind of attack has also been called “whaling” when a targeted person has a lot at stake financially because of their high net-worth.

Michael Hack, SVP EMEA Operations at Ipswitch, comments: “While it is true that data is still most at risk when it is in transit, there are a significant number of potential security threats including spear phishing attacks, which can be used to break into a supposedly safe repository – such as a password encrypted database – allowing hackers to extract data when it is at rest. The leak at WADA shows that, in order to protect sensitive data, companies not only need to adopt a broad mix of security processes, such as secure and managed file transfer systems at a corporate level, but that training needs to be given to individual employees on how to be safe, responsible and vigilant when they go online”

He continues: “Often, companies can have the best IT infrastructure in place, but if employees have not had the necessary training and support to understand the risks that a breach in their own personal data security can have on the wider company, they may accidentally disclose personal details to a scammer, and hackers will inevitably find a way in through the back door.”

World Anti-Doping Agency’s director general Olivier Niggli said: “WADA is very mindful that this criminal attack, which to date has recklessly exposed personal data of 29 athletes, will be very distressing for the athletes targeted and cause apprehension for all athletes that were involved in the Rio 2016 Olympic Games.”

This was posted in Bdaily's Members' News section by Bill Holiday .