Canadian Centre for Ethics in Sport

Our email system is now back up and running. On October 24, we shut down our email and Internet access after discovering that we were the target of a cyber attack.

Working with a leading cyber security firm and law enforcement officials, we’ve fortified the layers of protection around our IT systems to protect the personal data of athletes who are part of the Canadian Anti-Doping Program (CADP).

We apologize sincerely for any frustration and inconvenience this may have caused athletes, national and multi-sport organizations, and business partners. We’re grateful for your patience and understanding as we return to normal operations.

If you sent us an email recently and haven’t had a reply, there’s a good chance we never received it. Please send it again or call us at (613) 521-3340 or 1-800-672-7775.

Clearly, we’re concerned about the security breach and we’ll be monitoring the situation very closely. While we know our system was improperly accessed, the experts can’t confirm that any confidential data was stolen and they tell us that we may never know.

Following similar attacks against the World Anti-Doping Agency (WADA) and the U.S. Anti-Doping Agency (USADA), the hackers released medical information about some athletes who had applied for Therapeutic Use Exemptions (TUE), where treatment of an athlete’s condition or illness requires medication that is included on WADA’s Prohibited List.

Both organizations have vigorously defended those athletes, and that is exactly what the Canadian Centre for Ethics in Sport (CCES) would do under the same circumstances. The global anti-doping movement will not be dissuaded from its efforts to create a level playing field for clean athletes around the world.

WADA has cautioned athletes to never click on links in suspicious-looking emails. Access to WADA’s ADAMS system was disabled for a short period of time after WADA learned about a phishing email campaign targeting high-performance athletes who are subject to the World Anti-Doping Code.

As Canada’s national anti-doping agency, one of our most important responsibilities is the collection and protection of private information from high-performance athletes across dozens of different sports. For the vast majority of these athletes, the personal information we have on file is limited to names, addresses and telephone numbers only. For some, CCES also maintains information about athlete whereabouts. For a small minority of athletes, we collect personal information related to applications for TUEs.

Should you have questions or concerns about this situation, please contact CCES by calling (613) 521-3340 or 1 800-672-7775. You can also find a series of Questions and Answers below.

Questions and Answers

Has the problem with your email and Internet access been fixed?

Yes.

Working with a leading cyber security firm and law enforcement officials, we’ve fortified the layers of protection around our IT systems to protect our data.

Our email system is back up and running and we have secure access to the Internet.

If you sent us an email recently and haven’t had a reply, there’s a good chance we never received it. Please send it again or call us at (613) 521-3340 or 1-800-672-7775.

Was any data stolen?

While we know our system was improperly accessed, at this point the experts can’t confirm that any confidential data was stolen.

We can confirm that all of our IT systems are back up and running properly.

This is likely part of a broader campaign against the global anti-doping movement. There have been similar attacks recently against the World Anti-Doping Agency (WADA) and the U.S. Anti-Doping Agency (USADA).

As Canada’s national anti-doping agency, one of our most important responsibilities is the collection and protection of private information from high performance athletes across dozens of different sports. For the vast majority of these athletes, the personal information we have on file is limited to names, addresses and telephone numbers.

For some, CCES also maintains information about athlete whereabouts. And for a small minority of athletes, medical information is collected as part of an application for a Therapeutic Use Exemption (TUE), where treatment of an athlete’s illness or condition requires medication that is included on the WADA’s Prohibited List.

In the case of the cyber attacks against WADA and USADA, the hackers released TUE information about some athletes. Both organizations have vigorously defended those athletes, and that is exactly what the CCES would do under the same circumstances.

Who or what was responsible for the cyber attack?

We first became aware of the problem in mid-October when the Canadian Cyber Incident Response Centre detected a cyber attack.

We engaged the services of a leading forensic security firm to determine the extent of the breach and how best to resolve it.

The experts tell us this is likely part of a broader campaign against the global anti-doping movement. There have been similar attacks recently against the World Anti-Doping Agency (WADA) and the U.S. Anti-Doping Agency (USADA).

How did you learn of the problem?

There has been a lot of international interest in recent weeks about a security breach at WADA by a group known as “Fancy Bears.”

As a result, we became more vigilant about wanting to ensure the safety of our own data. When a breach was confirmed by the Canadian Cyber Incident Response Centre, we cut off access to the Internet and shut down our email system.

Are you concerned there might be another attack?

We are closely monitoring our systems to protect against any future cyber attacks.

How can you be sure that athlete whereabouts information isn’t being stolen by this hacker group?

Athlete whereabouts information is stored in WADA’s Anti-Doping Administration and Management System (ADAMS).

Access to that system was disabled for a short period of time after WADA learned about a phishing email campaign targeting high performance athletes who are subject to the World Anti-Doping Code.

ADAMS is back up and running and athletes can be reassured that their whereabouts information is secure.

In the meantime, WADA is reminding all ADAMS users to never click on links in suspicious-looking emails.

What should I do if I have concerns about the security breach?

If you have any questions or concerns, please contact CCES directly: (613) 521-3340 or (toll-free) 1 800-672-7775 or email [email protected].