"The IAAF has been a victim of a cyber attack which it believes has compromised athletes' Therapeutic Use Exemption (TUE) applications stored on IAAF servers," the IAAF said in a statement.
The press release also said that the attack was detected on February 21, and the investigation conducted by a cybersecurity firm contracted by the IAAF discovered that the metadata on TUEs was taken from the organization's server and placed in a separate file.
The investigation also found that the attack was carried out by Fancy Bear hacker group.
The IAAF said that it was not clear if the information had been stolen, but it was evident that the attackers "had access and means to obtain content from this file at will."
The organization reached out to all of the athletes who had applied for TUEs since 2012, providing them with an e-mail address for any questions they might have regarding this incident.
A TUE, if granted, allows athletes to use medication that is otherwise banned because of an illness.
Never miss a story again — sign up to our Telegram channel and we'll keep you up to speed!