The International Committee of the Red Cross (ICRC) has revealed a data breach exposing information belonging to over half a million “highly vulnerable” people.
On January 19, the ICRC, the overseer of Red Cross operations, said the “sophisticated” attack was launched against an external company in Switzerland contracted by the Red Cross to store information.
According to the organization, records taken during the attack were collected from at least 60 Red Cross and Red Crescent National Societies.
The Red Cross is a humanitarian outfit that works with those impacted by conflict and war internationally.
In total, over 515,000 individuals are believed to have been impacted with many classed as “highly vulnerable” – including those separated from their families due to conflict and disasters, others classified as missing people, and individuals being held in detention centers.
It is not known who is responsible for the cyber-attack. At the time of writing, there is no evidence that the ICRC’s records have been leaked or shared online.
Appalling and perplexing
Robert Mardini, ICRC’s director general, called the cyber-attack “appalling and perplexing” and has pleaded with whoever is responsible not to publish the stolen information.
“Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering,” Mardini said.
“The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, sell, leak, or otherwise use this data.”
Restoring Family Links, a program operated by the ICRC, Red Cross, and Red Crescent groups that try to reunite families caught up in conflicts or natural disasters, is now on pause due to the attack.
The organizations are trying to find workarounds to reboot the program and in the meantime an investigation has been launched to understand the scope of the data breach.
“Attackers will always find a weak link in the chain and exploit it,” commented Brian Higgins, security specialist at Comparitech.
“Now that this highly sensitive, humanitarian stolen data is in the wild, one can only support the Red Cross director general in his call.”