Hackers have leaked over 50,000 files from the Polish Anti-Doping Agency (POLADA), revealing sensitive data of thousands of Polish athletes, including medical records and results of anti-doping tests. A government minister has suggested Russia or Belarus are behind the attack.
“The findings indicate that the attack is the action of a group supported by the services of an enemy state,” POLADA told newspaper Przegląd Sportowy which first reported on the story. “The case is currently under investigation and detailed technical analysis.”
Poważny wyciek danych Polskiej Agencji Antydopingowej jednym z najgorszych w historii Polskihttps://t.co/ZplFESJ52Q
Wyniki badań antydopingowych, historie medyczne, śledztwa i mnóstwo innych danych dotyczących polskich sportowców – a wszystko do pobrania online. pic.twitter.com/d86zAopqLz
— ZaufanaTrzeciaStrona @zaufanatrzeciastrona@infosec (@Zaufana3Strona) August 11, 2024
Last week, the hackers published 250 GB of files taken from POLADA’s systems containing, among other things, passwords, contact information, medical records, doping test results as well as photos of Polish athletes.
The group also took down POLADA’s website, which remains inaccessible at the time of writing. The hackers had previously warned about the upcoming leak on their Telegram channel, Beregini, which has been linked to Russian disinformation campaigns.
“The Olympic Games have long been turned into a political oppression instrument,” they wrote. “Therefore we decided to use the example of one of the EU countries to show what is really going on in the anti-doping agencies of countries controlled by the United States and found a lot of ‘skeletons’ in their closet.”
Sorry to interrupt your reading. The article continues below.
Notes from Poland is run by a small editorial team and published by an independent, non-profit foundation that is funded through donations from our readers. We cannot do what we do without your support.
POLADA has warned Polish athletes about the incident in an email that was later shared by Polish racing cyclist Wojciech Pszczolarski on X.
In the message, the agency apologised for the incident and assured the athletes that law-enforcement authorities, the data protection authority and the state Computer Emergency Response Team (CERT Polska) had been notified.
POLADA also confirmed that the leaked documents include names, home and email addresses, and phone numbers of athletes. However Polish media claim that they also contain more information.
W @POLADA_official dzień jak co dzień 🤡
Jak nie wysyłanie poufnych maili do nie tych adresatów, to udostępnianie, kradzieże danych osobowych…
Łamanie przepisów RODO to chleb powszedni w królestwie @micha_rynkowski 🤦♂️
Jak taka instytucja ma być wiarygodna ? 🙄@UODOgov_pl pic.twitter.com/DOA6n5nBgw
— Wojtek Pszczolarski 🐝 (@wojtekpszczola) August 8, 2024
In response to an inquiry from Przegląd Sportowy, Aleksandra Chalimoniuk, spokesperson for the sports and tourism ministry, called on people “not to reproduce the propaganda of a hostile state”.
“Providing such information does not help Polish athletes, who do not deserve it, especially at a time like this. On the contrary – they deserve trust,” she added.
Meanwhile, deputy digital affairs minister Paweł Olszewski told the Polish Press Agency (PAP) that all signs point to the hack originating in Russia or Belarus, both of whom were banned from the recent Paris Olympics.
“The temporal correlation is not coincidental and the direction of the attack, which is eastern, is not coincidental either,” he said. “We know that there are no representatives of the Russian Federation or Belarus at the Olympic Games”.
Poland has finished @Paris2024 with just one gold and 10 medals in total – its worst result since 1956.
The prime minister has suggested there are failings in how Polish sport is managed. But the head of the Olympic committee has blamed the government https://t.co/iS9OqF1RuB
— Notes from Poland 🇵🇱 (@notesfrompoland) August 11, 2024
In May, Polish government bodies were targetted by Fancy Bear, a Russian cyber espionage group working on behalf of the Kremlin.
Later that month, two false dispatches reporting that Poland was calling up 200,000 citizens for military service and sending them to Ukraine appeared on PAP’s website, with the incident also blamed on Russia hackers.
In June, the Polish government announced plans for a 3 billion zloty (€700 million) “cybershield” to protect the country’s critical infrastructure from growing malicious threats, in particular from Russia.
Poland has announced a €700m “cybershield” to protect critical infrastructure amid increasing attacks from Russia.
"We are on the front line of a cyberwar with Russia, which clearly wants to destabilise the situation in Europe," says the government https://t.co/QIO8HkK2iR
— Notes from Poland 🇵🇱 (@notesfrompoland) June 3, 2024
Main image credit: Augustas Didžgalvis/Wikimedia Commons (under CC BY-SA 4.0)
Agata Pyka is an assistant editor at Notes from Poland. She is a journalist and a political communication student at the University of Amsterdam. She specialises in Polish and European politics as well as investigative journalism and has previously written for Euractiv and The European Correspondent.
