World Anti-Doping Agency Breached by Russian Hackers
Confidential medical information for U.S. athletes including Simone Biles and Serena Williams was published online.
The World Anti-Doping Agency (WADA) yesterday announced that Russian hackers had illegally accessed its Anti-Doping Administration and Management System (ADAMS) database.
"While it is an evolving situation, at present, we believe that access to ADAMS was obtained through spear phishing of email accounts, whereby ADAMS passwords were obtained enabling access to ADAMS account information confined to the Rio 2016 Games," the organization said in a statement.
WADA's statement identified the hackers as part of a group known as Tsar Team (APT28) or Fancy Bear, and stated that they accessed athletes' personal information, including confidential medical data.
The hackers published some of the stolen data online, and accused U.S. athletes Simone Biles, Elena Delle Donne, and Serena and Venus Williams of using banned drugs with WADA's approval.
"WADA condemns these ongoing cyber attacks that are being carried out in an attempt to undermine WADA and the global anti-doping system," WADA director general Olivier Niggli said in a statement. "WADA has been informed by law enforcement authorities that these attacks are originating out of Russia."
"Let it be known that these criminal acts are greatly compromising the effort by the global anti-doping community to re-establish trust in Russia further to the outcomes of the Agency's independent McLaren Investigation Report," Niggli added.
Jason Hart, vice president and chief technology officer for Gemalto's data protection solutions, told eSecurity Planet by email that the WADA breach is a clear example of the changing face of data breaches and the rise of identity theft.
"According to Gemalto’s Breach Level Index, identity and personal data theft accounted for 64 percent of all data breaches in the first half of 2016," Hart said. "The main motivation for cybercriminals continues to move beyond financial theft to long-term identity theft. Data breaches are now more personal, as this WADA breach demonstrates, with the universe of risk exposure for people widening."
"With the increasing frequency and size of data breaches, being breached is not a question of 'if' but 'when,'" Hart added. "Perimeter defenses are just what they are, first lines of defense. When those fail, the only way data can be protected is to encrypt it. It is especially important that sensitive healthcare data is always encrypted. That way, if the data is stolen it is useless to the thieves. Obviously it was not in this case."
According to the results of a recent Enterprise Strategy Group (ESG) survey of 200 senior IT and security professionals, fully 98 percent of respondents view the loss of sensitive data as a top or significant concern.
The survey, sponsored by Seclore, also found that 67 percent believe sensitive data has been lost in the last 12 months due to emails having been sent to the wrong person, and 64 percent believe sensitive data has been lost in the last 12 months due to unauthorized access.
Fifty-six percent of respondents said it's very or somewhat likely that files have been stolen by partners, contractors or customers. Sixty percent said the same about files being stolen by malicious software, and 58 percent said the same about files being stolen by employees.
"In order to stay competitive, organizations must embrace key business agility drivers, such as mobility, outsourcing, file-sharing, and cloud-based systems, but also must acknowledge how these factors open up organizations to unnecessary security risks that can cause devastating repercussions," Seclore CEO Vishal Gupta said in a statement.