Data Stolen from Over 60 Red Cross Operations Globally
The data breach is the result of a sophisticated cyberattack on the computer servers which host ICRC information. The servers belong to a company based in Switzerland, which ICRC contracts to store its data. In a statement, the ICRC said the attack was detected earlier this week and said the attack put the affected vulnerable people at further risk. The stolen information is not limited to a particular Red Cross operation or mission. In fact, it comes from at least 60 Red Cross and Red Crescent National Societies from across the globe. At this time, the ICRC does not have any information on the attack perpetrator. Furthermore, there is no evidence that the stolen data is out in the public domain. The affected people include “those separated from their families due to conflict, migration, and disaster, missing persons and their families, and people in detention.” Robert Mardini, ICRC’s director-general, said, “we are working closely with our humanitarian partners worldwide to understand the scope of the attack and take the appropriate measures to safeguard our data in the future.”
Red Cross Forced to Shut Down Restoring Family Link Program
The ICRC runs a program called Restoring Family Links along with the wider Red Cross and Red Crescent network. The program aims to reunite family members torn apart by conflict, disaster, migration, etc. Unfortunately, the attack has forced the ICRC to shut down systems that are crucial for the program. This in turn affects their ability to continue their efforts to reunite family members. “Every day, the Red Cross Red Crescent Movement helps reunite on average 12 missing people with their families. That’s a dozen joyful family reunifications every day. Cyber-attacks like this jeopardize that essential work,” Mardini stated.
ICRC Urges Perpetrator to “Do the Right Thing”
In its statement, the ICRC said it was most concerned about the safety of the people and families the organization aims to help and protect. “An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure. We are all appalled and perplexed that this humanitarian information would be targeted and compromised,” Mardini said. “This cyber-attack puts vulnerable people, those already in need of humanitarian services, at further risk,” he added. Mardini said the data belongs to some of the most distressed people in the world. He appealed to the hackers to refrain from doing anything that would put them in more danger. “Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, sell, leak, or otherwise use this data.” Personal data breaches often lead to further cyber attacks. A cybercriminal can try to use information such as names, phone numbers, and email addresses to get more sensitive information, like bank account details. Check out our resource on phishing to learn more about such attacks, and what you can do to protect yourself.