Red Cross Cyber Attack Exposes Data of 515,000 Vulnerable People

Red Cross Cyber Attack Exposes Data of 515,000 Vulnerable People
International Committee of the Red Cross. Image: ICRC

The International Committee of the Red Cross (the ICRC) has revealed it was the victim of a sophisticated cyber attack, which has affected more than 515,000 vulnerable individuals around the world.

Originally founded in 1863, the International Committee of the Red Cross (ICRC, or simply, the “Red Cross”) is a vast humanitarian aid organisation known for helping at-risk populations throughout the world — including victims of war, refugees, and others affected by armed conflict and natural disaster. Operating in over 100 different countries, the ICRC annually doles out billions to provide medical services and housing to its recipients. And, apparently, somebody thought it would be a great idea to hack them.

In a statement, the organisation said the sophisticated cyber attack was against computer servers hosting information held by the ICRC. The external company the ICRC contracts to store data is based in Switzerland.

The attack compromised personal data and confidential information on more than 515,000 highly vulnerable people, including those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention.

The ICRC confirmed the data caught up in the attack originated from at least 60 Red Cross and Red Crescent National Societies from around the world.

“An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure. We are all appalled and perplexed that this humanitarian information would be targeted and compromised,” ICRC director-general Robert Mardini said.

“This cyber attack puts vulnerable people, those already in need of humanitarian services, at further risk.”

The Red Cross says it has no immediate indications as to who carried out this cyber attack and that there is not yet any indication that the compromised information has been leaked or shared publicly. But it did make an appeal:

“Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data.”

The Red Cross said it is working closely with its humanitarian partners worldwide to understand the scope of the cyber attack and take the appropriate measures to safeguard ICRC data in the future.

This post has been updated since it was first published and will be amended again once we learn more.