POLADA, the Polish Anti-Doping Agency, has dismissed files that showed covered-up doping violations by a number of their star athletes as “fake news” served by an “enemy state.”
A number of high-profile athletes were listed in the alleged leaks, including world #1 ranked tennis player Iga Swiatek and Barcelona FC striker Robert Lewandowski.
POLADA has said that there was a cyber-attack on their databases that resulted in the leak of 50,000 confidential files.
The attacks are reminiscent of the Fancy Bear attacks by a Russian hacking group between 2016 and 2019 that resulted in attacks on a number of anti-doping agencies , including WADA. That group leaked what they said were Therapeutic Use Exemption information for a number of high profile American athletes, including swimmers like Caeleb Dressel. The veracity of those leaks was never confirmed nor denied by anti-doping authorities.
Polish authorities have not yet specified which ‘enemy state’ they believe to have supported the attacks, though local media have reported that Russia or Belarus are the likely actors. Polish authorities they say that “the case is currently under investigation and detailed technical analysis.”
Poland, as the next stop west of Ukraine in Europe, has been one of the strongest supporters of Ukraine’s war with Poland and has taken in millions of Ukrainian refugees.
Information alleged to be from the POLADA files were leaked by an account on the social media platform X (formerly known as Twitter). The account that posted the alleged leaks claiming failed tests by star athletes has since been deactivated.
Other files, including hand-written notes, contain information about psychological evaluations of athletes, Therapeutic Use Exemptions, and other detailed reports.
Even if the information is not accurate, the leaks serve to further undermine global anti-doping systems in light of an ongoing and very public feud between USADA and WADA over Chinese anti-doping activities.
Cycler Wojciech Pszczolarski posted the apology email from POLADA sharing what information was stolen by hackers.
W @POLADA_official dzień jak co dzień 🤡
Jak nie wysyłanie poufnych maili do nie tych adresatów, to udostępnianie, kradzieże danych osobowych…
Łamanie przepisów RODO to chleb powszedni w królestwie @micha_rynkowski 🤦♂️
Jak taka instytucja ma być wiarygodna ? 🙄@UODOgov_pl pic.twitter.com/DOA6n5nBgw
— Wojtek Pszczolarski 🐝 (@wojtekpszczola) August 8, 2024
The letter did not indicate that any personal testing or medical information had been stolen.
Translated:
Notification of personal data breach
To: Recipients
Dear Sir/Madam,
We would like to inform you that there has been a breach of the database on the servers of the Polish Anti-Doping Agency (POLADA). The incident has been reported to law enforcement and the Personal Data Protection Office. Unfortunately, the stolen data was published on the Internet on August 6, 2024, which has resulted in a violation of your personal data protection rights as defined by Article 4, Section 12 of the GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC).
The disclosed data includes:
- First and last name
- Residential address
- Telephone number
- Email address
We sincerely apologize for any inconvenience caused. We will do our utmost to ensure that a similar situation does not happen again. To minimize the chances of such incidents occurring in the future, we have contacted CERT Polska and implemented all their security recommendations.
If you require any additional information regarding the incident or assistance, we kindly ask you to contact our GDPR specialist, Jacek Głowala, at tel. 791 00 22 52, or POLADA’s director, Hubert Dziudzik, via email: [email protected], tel. 22 629 52 06 ext. 22.
We apologize for the incident and commit to taking all necessary steps to protect your rights and freedoms.
Please be reminded that any person whose data has been disclosed or who is in possession of such data should:
- Be vigilant and aware that this data may be used for blackmail.
- Exercise increased caution, particularly with emails and phone calls. Verify the sender/number of the caller.
- Take advantage of the new option to freeze your PESEL number to minimize the risk of unauthorized use of your data in a bank (Freeze your PESEL number or cancel the freeze – Gov.pl – Portal Gov.pl (www.gov.pl)).
With respect,
POLADA Team
Lol “clean sports” are merely a polite fiction we maintain so that athletes (especially youth athletes) don’t go overboard with the drugs. You have to accept that all your favorite athletes are on something.
I feel half of everything on the internet is being hacked these days.
I wonder if there’s an ulterior motive behind the doping hacks being from a place with people that have a chip on their shoulder.