British Cycling riders’ data security breached

Exclusive: a data breach at the English Institute of Sport affected cyclists among athletes from other sports

British Cycling riders in action
(Image credit: Alex Whitehead/

The organisation which holds medical records and performance data on British Cycling funded athletes has been affected by a security breach, Cycling Weekly has learnt.

The English Institute of Sport (EIS) has sent communications to all cyclists concerned, though it is still in the process of informing athletes from other sports.

The EIS is the country's largest provider of sports science, medicine and technology.

The Manchester based operation holds athletes' medical data, performance data and data from physiological testing.

The EIS has confirmed to Cycling Weekly that the security breach in question affected emails only, and was not linked to the centralised data containing medical records and information such as Therapeutic Use Exemption (TUE) grants.

A full investigation has been completed and the EIS have said that security has now been restored.

A spokesperson from the EIS said: “We can confirm there has been an email security incident at the EIS.

“A full investigation has been underway, and we are now in the process of working with sports to notify those affected in an appropriate manner. Until this process is complete, it would be inappropriate to comment further.

“For the avoidance of doubt, we can confirm that no clear source or cause of the incident was identified by external cyber security experts appointed to investigate, and that the EIS’s medical data system (PDMS) was not targeted or affected by this incident.”

British Cycling performance director Stephen Park said: “Following a data breach at the English Institute of Sport, we have communicated with all of our riders.

"We are satisfied that the data from this breach does not represent a significant risk to their privacy and additional support has been offered to everyone who has been directly affected. I would like to thank our colleagues at the EIS for their help throughout this process.”

In 2016, the World Anti Doping Agency (WADA) was hacked by the Fancy Bears Group, who revealed athletes' confidential medical information including Therapeutic Use Exemptions granted to the likes of Bradley Wiggins and Chris Froome. 

This included the use of asthma medication Salbutamol and the corticoid Triamcinolone Acetonide.

The Fancy Bears gained access to the Anti-Doping Administration and Management System [ADAMS] that was created for the Rio 2016 Olympic games. In response, WADA deactivated the Rio 2016 ADAMS account, disabled the 'forgot password' feature and increased its security as well as deactivating dormant accounts.

Michelle Arthurs-Brennan
Michelle Arthurs-Brennan

Cycling Weekly's Tech Editor Michelle Arthurs-Brennan is a traditional journalist by trade, having begun her career working for a local newspaper before spending a few years at Evans Cycles, then combining the two with a career in cycling journalism.

When not typing or testing, Michelle is a road racer who also enjoys track riding and the occasional time trial, though dabbles in off-road riding too (either on a mountain bike, or a 'gravel bike'). She is passionate about supporting grassroots women's racing and founded the women's road race team 1904rt.

Favourite bikes include a custom carbon Werking road bike as well as the Specialized Tarmac SL6. 

Height: 166cm

Weight: 56kg