Sophisticated cyberattack targets Red Cross Red Crescent data on 500,000 people – Reuters

A sophisticated cyberattack against computer servers hosting information held by the International Committee of the Red Cross (ICRC) was detected this week.

The attack compromised the personal data and confidential information of more than 515,000 highly vulnerable people, including those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention. The data comes from at least 60 National Red Cross and Red Crescent Societies around the world.

The ICRC’s most pressing concern in the wake of this attack is the potential risks associated with this breach – including the public sharing of confidential information – for people whom the Red Cross Red Crescent network seeks to protect and help, as well as their families. When people go missing, the anguish and uncertainty for their families and friends is intense.

“An attack on the data of missing persons makes the anguish and suffering of families even more difficult to bear. We are all appalled and perplexed that this humanitarian information is being targeted and compromised,” said Robert Mardini, Director General of the ICRC. “This cyber-attack puts vulnerable people, those who already need humanitarian services, at additional risk.”

The ICRC has no immediate indications as to the author of this cyberattack, which targeted an external company in Switzerland with which the ICRC has contracted to store data. There is no indication yet that the compromised information has been leaked or shared publicly.

“While we don’t know who is responsible for this attack, or why they carried it out, we have this call out to them,” Mardini said. “Your actions could potentially cause even more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are some of the least powerful in the world. Please , do the right thing. Do not share, sell, disclose or otherwise use this data.”

The ICRC and the wider Red Cross Red Crescent network jointly run a program called Restoring Family Links which aims to reunite family members separated by conflict, disaster or migration. Due to the attack, we were forced to shut down the systems that underpin our work to restore family links, affecting the ability of the Red Cross and Red Crescent Movement to reunite separated family members. We are working as quickly as possible to identify workarounds to continue this vital work.

“Every day, the Red Cross and Red Crescent Movement helps reunite an average of 12 missing people with their families. That’s a dozen happy family reunifications every day. Cyberattacks like this undermine this vital work” , said Mr. Mardini. “We take this violation very seriously.
We are working closely with our humanitarian partners around the world to understand the scale of the attack and take appropriate steps to protect our data going forward.”

For more information please contact:

Crystal Wells, ICRC Geneva, at [email protected], or +41 79 642 80 56

Ewan Watson, ICRC Geneva, [email protected], or +41 79 244 64 70

Elizabeth Shaw, ICRC Washington, DC, at [email protected], or +1 202 361 1566

Comments are closed.