Confidential medical data of gold medal-winning gymnast Simone Biles, seven-time Grand Slam champion Venus Williams and basketball player Elena Delle Donne was hacked from a World Anti-Doping Agency database and posted online on Tuesday.
The Russian cyber espionage group called Fancy Bear published records of "Therapeutic Use Exemptions" (TUEs), which allow athletes to use otherwise-banned substances if they have a verified medical reason to do so, the Independent reports.
Williams, who revealed in 2011 she had been diagnosed with Sjogren's syndrome, an energy-sapping disease, issued a statement via her agent in which she said she was granted TUEs "when serious medical conditions have occurred," and those exemptions were "reviewed by an anonymous, independent group of doctors, and approved for legitimate medical reasons."
"I was disappointed to learn today that my private, medical data has been compromised by hackers and published without my permission," Williams said. "I have followed the rules established under the Tennis Anti-Doping Program in applying for, and being granted, 'therapeutic use exemption.'"
Women's basketball gold medalist Elena Delle Donne, who had thumb surgery on Tuesday and posted a post-op pic on Twitter, along with a statement saying she takes prescribed medication approved by WADA.
In a statement, USA Gymnastics said Biles — who won five medals, four gold, in Rio last month — was approved for an exemption and had not broken any rules. She wrote on Twitter that she's taken medication to treat ADHD since she was a child.
"Please know I believe in clean sport, have always followed the rules, and will continue to do so as fair play is critical to sport and is very important to me," Biles posted.
Fancy Bear claimed the "therapeutic use of exemptions" constituted evidence of doping US Olympians.
"After detailed studying of the hacked Wada databases we figured out that dozens of American athletes had tested positive" a statement from the group reads. "The RIO Olympic medallists regularly used illicit strong drugs justified by certificates of approval for therapeutic use. In other words, they just got their licenses for doping."
WADA previously warned of cyber attacks after investigators it had appointed published reports into Russian state-sponsored doping.
World Anti-Doping Agency director general Olivier Niggli said in a statement that it was "unthinkable for hackers to illegally obtain confidential medical information in an attempt to smear athletes to make it look as if they have done something wrong.
In fact, in each of the situations, the athlete has done everything right in adhering to the global rules for obtaining permission to use a needed medication."
He added: "These criminal acts are greatly compromising the effort by the global anti-doping community to re-establish trust in Russia," WADA said "extended its investigation with the relevant law enforcement authorities."
Last month, hackers obtained a database password for Russian runner Yuliya Stepanova, a whistleblower and key witness for the WADA investigations. She and her husband, a former official with the Russian national anti-doping agency, are now living at an undisclosed location in North America.
A spokesman for Russian President Vladimir Putin rejected WADA's statement blaming Russian hackers as unfounded. "There can be no talk about any official or government involvement, any involvement of Russian agencies in those actions. It's absolutely out of the question," spokesman Dmitry Peskov said in a statement carried by Russian news agencies. "Such unfounded accusations don't befit any organization, if they aren't backed by substance."
The International Olympic Committee said it "strongly condemns such methods which clearly aim at tarnishing the reputation of clean athletes."
"The IOC can confirm however that the athletes mentioned did not violate any anti-doping rules during the Olympic Games Rio 2016," the Olympic body said.
The top American anti-doping official said it was "unthinkable" to try to smear athletes who followed the rules and did nothing wrong.
"The cyberbullying of innocent athletes being engaged in by these hackers is cowardly and despicable," said Travis Tygart, CEO of the U.S. Anti-Doping Agency.
The agency said it believed the hack was carried out using spear-phishing emails to gather passwords for the WADA Anti-Doping and Management System(ADAMS) database.