Red Cross cyber-attack exposes personal data of over half a million vulnerable people

Hackers have targeted the International Red Cross and have stolen the personal details of about 515,000 “highly vulnerable” people. 

Red Cross is a humanitarian organisation that works with victims of war around the world, with many of its records relating to people who had fled conflicts. 

A statement from the International Committee of the Red Cross says, “A sophisticated cybersecurity attack against computer servers hosting information held by the International Committee of the Red Cross was detected this week. 

“The attack compromised personal data and confidential information on more than 515,000 highly vulnerable people, including those separated from their families due to conflict, migration, and disaster, missing persons and their families, and people in detention. The data originated from at least 60 Red Cross and Red Crescent National Societies around the world.  

“The IRCR’s most pressing concern following this attack is the potential risks that come with this breach – including confidential information being shared publicly – for people that the Red Cross and Red Crescent network seeks to protect and assist, as well as their families. When people go missing, the anguish and uncertainty for their families and friends is intense.”  

It is currently unclear who carried out the attack and there is no sign that the data has been leaked yet, but the ICRC has been forced to shut down the systems it uses to reunite families separated by war.  

The International Committee of the Red Cross Director-General Robert Mardini has said, “An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure. We are all appalled and perplexed that this humanitarian information would be targeted and compromised.” 

Mardini has also appealed to the hackers, saying “Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, sell, leak, or otherwise use this data.” 

Humanitarian organisations are becoming increasingly appealing targets for hackers and cybercriminals due to their vast amount of personal, financial, and commercial data that could be of interest or monetary value. 

This current cyberattack is the most devastating attack the ICRC has experienced and highlights the increasing sophistication of cyberattacks.