Red Cross Data Breach: 515,000 People Affected

Data Breach Exposes Sensitive Information of Over 515,000 Vulnerable Individuals

A cyberattack impacting a contractor utilized by the International Committee of the Red Cross (ICRC) has resulted in the exposure of confidential data pertaining to more than 515,000 individuals identified as “highly vulnerable.” Many of those affected have experienced family separation due to conflict, migration, or disaster.

Details of the Incident

The ICRC has refrained from disclosing the name of the Switzerland-based contractor responsible for data storage. Furthermore, the organization has not specified the precise cause of the security breach. However, it has been confirmed that the compromised data originates from at least 60 Red Cross and Red Crescent national societies.

The international organization issued a direct appeal to the perpetrators. They urged them to refrain from public dissemination or leakage of the sensitive information.

ICRC's Plea to the Attackers

“The actions you take have the potential to inflict further harm and suffering on individuals who have already endured immense hardship. The individuals and families whose information you now possess are among the most vulnerable in the world. We implore you to act responsibly. Do not share, sell, leak, or otherwise utilize this data,” the statement emphasized.

Restoring Family Links Program Suspended

Following the data breach, the ICRC temporarily suspended its Restoring Family Links program. This program is dedicated to reuniting family members who have been separated by conflict or disaster.

Nature of the Compromised Data

According to a Red Cross spokesperson who spoke with TechCrunch, the stolen information encompassed names, locations, and contact details. Additionally, credentials used to access certain ICRC programs were also compromised.

The breach involved personal data including the names, locations, and contact information of over 515,000 people. This includes individuals reported missing and their families, unaccompanied or separated children, detainees, and others receiving assistance from the Red Cross and Red Crescent Movement due to armed conflict, natural disasters, or migration.

Login credentials for approximately 2,000 Red Cross and Red Crescent staff and volunteers involved in these programs were also compromised. ICRC spokesperson Crystal Ashley Wells stated that no other ICRC information was affected, due to the segmentation of their systems.

Rising Trend of Attacks on Humanitarian Organizations

Human rights organizations and disaster relief agencies are facing an increasing number of cyberattacks. Last year, the United Nations experienced a network breach attributed to unidentified cyberattackers. Microsoft also revealed that the U.S. Agency for International Development was targeted in an attempt to distribute malicious emails to a large number of recipients.

This article was updated with comments from the Red Cross. Carly Page contributed to the reporting.