Fancy Bears hackers linked to foiled cyber attack on UK Anti-Doping Agency

The UK Anti-Doping Agency has foiled an attempted cyber attack that tried to access confidential medical and drug‑testing data, the Guardian can reveal.

The attack, which took place over the weekend, required Ukad’s servers to be rebooted Monday. But its experts are now confident that no data was lost or compromised.

Although the culprits have yet to been identified, some sources are pointing the finger at the Russian cyber-team Fancy Bears, who have hacked the World Anti‑Doping Agency’s athlete management database and the US Anti-Doping Agency.

It was Fancy Bears who revealed that the British cyclist Bradley Wiggins had secretly used the powerful corticosteroid triamcinolone before his Tour de France victory in 2012 – as well as on two other occasions – after being granted a therapeutic use exemption certificate by cycling’s governing body, the UCI.

Fancy Bears also attracted significant publicity when they hacked into Usada and then leaked its unpublished preliminary report into the Nike Oregon Project, run by Mo Farah’s former coach Alberto Salazar, which contained strong criticisms of the UK Athletics medical team.

In both cases, the release of the data threw the spotlight on the use of TUEs and other so-called “grey area” practices in sport – with a recent report by the digital, culture, media and sport select committee suggesting that Wiggins and Team Sky “crossed an ethical line” by using drugs allowed under anti-doping rules to enhance performance instead of just for medical need.

In a statement a Ukad spokesperson confirmed the attempted hack but stressed that no data had been accessed. “Over the weekend Ukad was made aware of a cyber attack affecting our systems,” she said.

“We can confirm that no data has been lost or compromised. We took the necessary steps to investigate and resolve the situation and no core activity including our testing programme has been impacted.”

Wada’s systems were hacked after Fancy Bears used spear phishing of email accounts to gain access to its athletes database, while Usada is rumoured to have been hacked when an employee used his computer over a public network at the Rio Olympics.

Ukad, however, continues to believe that its systems are robust. “We are satisfied that we have appropriate levels of cyber-security and we consistently review our systems to ensure they are of a very high standard,” the spokeswomen said.