According to a report written by Katie Strang of The Athletic, the security of confidential information held by the U.S. Center for Safe Sport, Inc. (SafeSport or the Center) may have been compromised by computer hackers. SafeSport is responsible for investigating allegations of sexual misconduct in the amateur sports organizations that are under the umbrella of the U.S. Olympic and Paralympic Committee (USOPC). The information that may have been compromised includes the identity of and statements from persons who reported the allegations, alleged victims, persons accused of misconduct, and other witnesses, as well as police reports and other information. According to the Center’s website on November 27, 2020, SafeSport has received 6,497 reports and found violations and imposed sanctions in 847 cases, including the banning of 297 individuals from participating in any fashion in any organization under the USOPC’s umbrella.
Strang reports that, on September 22, 2020, SafeSport employees in the Center’s office of Response and Resolutions were unable to access their data files. That office is responsible for conducting the investigations of reports of sexual misconduct received by the Center. Shortly after that, the Center’s chief operating and financial officer informed its employees of the possible breach. A letter to employees said that SafeSport was working with its legal counsel and a computer security team to assess the degree of potential unauthorized access. In response to an inquiry by The Athletic, the Center confirmed a breach but claimed that the security of the information was not compromised by the “generalized data security incident.”
The Center’s spokesperson Dan Hill issued the following statement to The Athletic:
The U.S. Center for SafeSport responded swiftly to news that one of its vendors experienced a generalized data security incident. From information gathered from the vendor, as well as two external, independent cyber-security teams retained by the Center, it has been confirmed that none of the Center’s data was compromised. It has also been confirmed that the attack was not directed at the Center. In accordance with best practices we are closely monitoring the situation but no additional actions are warranted at this time. SafeSport takes these issues seriously which is why it commissioned a cyber-security audit months prior to this incident. Recommendations made in the audit were acted upon including the hiring of a highly qualified IT professional.
SafeSport’s outside counsel told The Athletic that the information potentially at risk resided on the servers of one of the Center’s vendors which was the subject of a ransomware attack. The Athletic attributed to an anonymous source the information that, the Center’s leadership, including CEO Ju’Riese Colon and Director of Investigations and Outcomes Michael Henry, had been warned the Center was at risk of a cyberattack and that its data security was inadequate. Henry resigned as of September 18, 2020.
Hill’s statement to The Athletic has apparently not been widely released. As of the date of this article, we could find nothing about a security breach on the Center’s website or in any other report of SafeSport press releases. Even so, the Center’s outside counsel told The Athletic that a report has been submitted to the FBI’s Internet Crime Complaint Center.
The entire article from The Athletic is available only with a subscription. Currently, a 12-month trial subscription is available for $1.00 per month.