Red Cross Falls Victim to Massive Cyberattack
The International Committee of the Red Cross was the victim of a massive cyberattack in which hackers seized the data of more than 515,000 extremely vulnerable people, some of whom had fled conflicts, it said on Wednesday.
“A sophisticated cyber security attack against computer servers hosting information held by the International Committee of the Red Cross (ICRC) was detected this week,” it said in a statement.
“The attack compromised personal data and confidential information on more than 515,000 highly vulnerable people, including those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention.”
The body, which has its headquarters in Geneva, had no immediate indication as to who might have carried out the attack.
It said the hackers targeted an external company in Switzerland that the ICRC contracts to store data. There was no evidence so far that the compromised information had been leaked or put in the public domain.
The ICRC said its “most pressing concern” was the “potential risks that come with this breach — including confidential information being shared publicly — for people that the Red Cross and Red Crescent network seeks to protect and assist, as well as their families”.
The data originated from at least 60 Red Cross and Red Crescent National Societies around the world.
“An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure. We are all appalled and perplexed that this humanitarian information would be targeted and compromised,” said ICRC director-general, Robert Mardini.
“This cyberattack puts vulnerable people, those already in need of humanitarian services, at further risk.”
And he called on those responsible to “do the right thing — do not share, sell, leak or otherwise use this data”.
“Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering,” he added.
As a result of the attack, the ICRC had been forced to shut down the computer systems underpinning its Restoring Family Links programme that seeks to reunite family members separated by conflict, disaster or migration, the statement said.
“We are working as quickly as possible to identify workarounds to continue this vital work,” it added.