Exclusive: a data breach at the English Institute of Sport affected cyclists among athletes from other sports

TAGS:

The organisation which holds medical records and performance data on British Cycling funded athletes has been affected by a security breach, Cycling Weekly has learnt.

The English Institute of Sport (EIS) has sent communications to all cyclists concerned, though it is still in the process of informing athletes from other sports.

The EIS is the country’s largest provider of sports science, medicine and technology.

The Manchester based operation holds athletes’ medical data, performance data and data from physiological testing.

The EIS has confirmed to Cycling Weekly that the security breach in question affected emails only, and was not linked to the centralised data containing medical records and information such as Therapeutic Use Exemption (TUE) grants.

A full investigation has been completed and the EIS have said that security has now been restored.

A spokesperson from the EIS said: “We can confirm there has been an email security incident at the EIS.

“A full investigation has been underway, and we are now in the process of working with sports to notify those affected in an appropriate manner. Until this process is complete, it would be inappropriate to comment further.

“For the avoidance of doubt, we can confirm that no clear source or cause of the incident was identified by external cyber security experts appointed to investigate, and that the EIS’s medical data system (PDMS) was not targeted or affected by this incident.”

British Cycling performance director Stephen Park said: “Following a data breach at the English Institute of Sport, we have communicated with all of our riders.

“We are satisfied that the data from this breach does not represent a significant risk to their privacy and additional support has been offered to everyone who has been directly affected. I would like to thank our colleagues at the EIS for their help throughout this process.”

In 2016, the World Anti Doping Agency (WADA) was hacked by the Fancy Bears Group, who revealed athletes’ confidential medical information including Therapeutic Use Exemptions granted to the likes of Bradley Wiggins and Chris Froome. 

This included the use of asthma medication Salbutamol and the corticoid Triamcinolone Acetonide.

The Fancy Bears gained access to the Anti-Doping Administration and Management System [ADAMS] that was created for the Rio 2016 Olympic games. In response, WADA deactivated the Rio 2016 ADAMS account, disabled the ‘forgot password’ feature and increased its security as well as deactivating dormant accounts.