SafeSport’s Cybersecurity Breach – Athletes for Equity in Sport

A Statement by Athletes for Equity in Sport

OPENING UP THE CONVERSATION

“U.S. Center for SafeSport server hacked, sensitive documents potentially exposed”
The Athletic

“U.S. Center For SafeSport Information Reportedly Hacked”
Indiana Business Law

“The SafeSport Hack”
GymCastic: The Gymnastics Podcast
*Tune in to the first two related discussions beginning 1:40

FOLLOW US

On September 22, the U.S. Center for SafeSport experienced a cybersecurity breach. The information that may have been compromised includes highly sensitive data relating to SafeSport’s investigations including the identity of victims and witnesses as well as testimonial statements and confidential law enforcement files.

To protect the security and privacy of all parties whose confidential information may have been compromised, Athletes for Equity in Sport calls on the U.S. Center for Safe Sport to be fully transparent about the nature and extent of the cybersecurity breach, notify and work with all parties potentially affected to mitigate unauthorized disclosure of sensitive information and to take immediate steps to better secure its IT systems and computer networks in the future.

According to a report written by Katie Strang of The Athletic, SafeSport confirmed the breach to the publication but denied any evidence that “the Center was the target or that our data has been compromised in any way.” The breach was initially discovered when SafeSport employees could not access files on their server and they brought in an outside cybersecurity response team to investigate the breach. SafeSport’s outside counsel released to The Athletic that the information potentially at risk resided on the servers of one of the Center’s vendors which was the subject of a ransomware attack. To learn more about the ransomware hack, please tune into the podcast episode linked in “Opening the Conversation”.

Due to insufficient IT security measures, SafeSport was vulnerable to the cybersecurity breach and now faces the prospect that incredibly sensitive data could be utilized in nefarious ways when SafeSport’s sole mission is to foster a safe environment for athletes.

In addition to the concerns about data security and privacy, this most recent incident involving SafeSport raises further questions about SafeSport’s commitment to transparency and communication.

Athletes who are involved in ongoing SafeSport investigations were not informed directly of the data breach and only learned about the cybersecurity breach through word of mouth sparked by the article in The Athletic.

SafeSport has a legal, ethical and moral responsibility to inform all parties potentially involved that compromising data could have been stolen. SafeSport leaders should provide clear information about the steps SafeSport has taken and intends to take in the future to ensure the security and safekeeping of the highly sensitive information with which it is entrusted on behalf the athletes and all those under its jurisdiction that SafeSport has a responsibility to protect.

Media contact
Diane Carney
[email protected]

SOURCE Athletes for Equity in Sport Inc.

Executive Group
Athletes for Equity in Sport
AthletesForEquity.org

Facebook: Athletes for Equity in Sport

GoFundMe: Athletes for Equity in Sport