A hacking group appears to have accessed the World Anti-Doping Agency’s (WADA) Anti-Doping Administration and Management System (ADAMS), exposing adverse analytical findings (AAFs) reported by US medal winners at the Rio 2016 Olympics, as well as their use of therapeutic use exemptions (TUE). WADA has been notified about the documents accessed by the group which if authentic, comprise a serious data breach. WADA has previously warned that it has been targeted by hacking groups. ‘We have sufficient reason to suspect that it is hackers from Russia and they are familiar to Western governments’, WADA’s Director General, Olivier Niggli, told NRK earlier this month.

An AAF means that a substance featuring on WADA’s Prohibited List has been found in an athlete sample, however it does not necessarily mean that an anti-doping rule violation (ADRV) has occurred. Many AAFs can be legitimately explained due to consumption of food or medicine to treat common illnesses (such as a cold). An AAF remains in the ADAMS database for ten years but, crucially, anti-doping organisations (ADOs) should not publish them unless they become an ADRV, which they are required to publish under Article 14.3 of the Code.

Likewise, a TUE is granted to athletes with an illness or medical condition that may be required to use medications of treatments that feature on WADA’s Prohibited List. As such, TUEs remain confidential unless the athlete decides to go public.

Documents seen by The Sports Integrity Initiative reveal a recent AAF by a medal winner at Rio 2016, however the substance concerned is commonly used in medical treatments. Other documents relating to the same athlete reveal a past TUE for a substance commonly used to treat the same medical condition. There is therefore no suggestion of any wrongdoing in connection with this athlete.

The documents also reveal another recent AAF reported by a second elite US athlete for a substance commonly used to treat a medical condition, as well as an existing TUE for a common medical issue. Another set of documents reveal past TUEs for a number of substances for two elite US athletes, all of which have expired. There is therefore no suggestion of any wrongdoing in connection with these athletes.

The hacking group said that the documents constituted evidence that US athletes used prohibited substances at the Rio 2016 Olympics by obtaining TUE certificates. However, most of the TUEs uncovered by the group have expired and the one that is still in existence appears to relate to a recognised medical condition. As explained above, the evidence of AAFs does not suggest that an ADRV has taken place, which means that the ADO concerned should not publish it and it should remain confidential.

There is therefore no evidence of any wrongdoing by any athlete or sporting organisation. The only wrongdoing appears to be on the part of the hacking group in accessing confidential athlete information contained within ADAMS, which is scheduled to be relaunched at the end of this year. The hacking group appears to be from Russia, although an IP address has been traced to the US and a physical address to France.