Russian hackers leak medical files of US athletes including Venus and Serena Williams and Rio star Simone Biles

The World Anti-Doping Agency (Wada) has announced that its database was accessed by a Russian hacking group, which posted the confidential medical data of several US athletes online on Monday.

The cyber espionage group, known as Fancy Bear, released records on four female American Olympic athletes: tennis stars Serena and Venus Williams, gymnastics multi-gold medallist Simone Biles and basketball player Elena Delle Donne.

In each case, the hackers published records of so-called “Therapeutic Use Exemptions”, which permit athletes to use certain otherwise banned substances if they have a verified medical reason to do so. In making the disclosure, Fancy Bear said it planned to release more information in due course.

The group, also known as Tsar Team, claimed the Therapeutic Use Exemptions constituted evidence of doping by US Olympians. “After detailed studying of the hacked Wada databases we figured out that dozens of American athletes had tested positive,” the hackers said in a statement. “The Rio Olympic medallists regularly used illicit strong drugs justified by certificates of approval for therapeutic use. In other words, they just got their licences for doping.”

US Anti-Doping Agency (Usada) chief Travis Tygart said in a statement that it was “unthinkable” for hackers to “illegally obtain confidential medical information in an attempt to smear athletes to make it look as if they have done something wrong.” He added: “In fact, in each of the situations, the athlete has done everything right in adhering to the global rules for obtaining permission to use a needed medication.”

Wada had previously warned that it might face cyberattacks, following its investigators’ revelations of Russian state-sponsored doping in the run-up to the Rio Games this summer. “These criminal acts are greatly compromising the effort by the global anti-doping community to re-establish trust in Russia,” said Olivier Niggli, the agency’s director general. “Wada deeply regrets this situation and is very conscious of the threat that it represents to athletes whose confidential information has been divulged.”

The agency said it believed the hack was carried out using spear-phishing emails to gather passwords for the Wada Anti-Doping Administration and Management System (Adams) database. Less than a month ago, the agency confirmed that a hacker had accessed the Adams account for Yuliya Stepanova, the Russian 800-metre runner who blew the whistle on the widespread doping among her country’s Olympic team.

More than 100 Russian athletes were subsequently banned from competing in Rio, following the publication of an independently commissioned Wada report, which found evidence of a Russian state-run doping programme going back at least four years.