13 August 2016 – The World Anti-Doping Agency (WADA) confirms that Yuliya Stepanova’s password for WADA’s Anti-Doping Administration and Management System (ADAMS) was illegally obtained, which allowed a perpetrator to access her account on ADAMS. Ms. Stepanova was the key whistleblower for WADA’s Independent Pound Commission that exposed widespread doping in Russian athletics.
Through WADA’s regular security monitoring of ADAMS, the Agency noted that someone, other than Ms. Stepanova, had accessed her account. WADA immediately locked Ms. Stepanova’s account to prevent further access and notified her of the situation.
A subsequent investigation by WADA allowed the Agency to determine that no other athlete accounts on ADAMS have been accessed.
Earlier this week, WADA was made aware of an alleged hack of its website and to phishing scams. Regarding the latter, the Agency confirmed that some users had received illegitimate e-mails that look as though they come from WADA, which ask users to click on a link and enter their personal credentials. WADA quickly investigated and immediately sent an e-mail to all ADAMS users, including a warning banner on the ADAMS home page, alerting them to these e-mails, which WADA would never send, and asking them to advise ADAMS support immediately if they were to receive such an e-mail. To date, WADA has been made aware of the following illegitimate registrations, which we ask ADAMS users to watch out for: wada-awa.[org] and wada-arna.[org].
We continue monitoring the situation to determine whether or not users have acted (or act) on these e-mails to ensure that data remains secure.
Unfortunately, like many organisations, WADA is not immune to attempted cyber-attacks. Stakeholders can rest assured that the Agency takes IT security and data privacy very seriously; accordingly, as a matter of course, we monitor all our systems on a continuous basis and adjust as necessary in line with the best of IT security practices. It should also be noted that WADA is in contact with the relevant law enforcement authorities.