A Switzerland-based contractor working for the International Committee of the Red Cross has been hit by a cyberattack. Confidential details of more than 515,000 “highly vulnerable” individuals are thought to be at risk.
The details are thought to have come from the Red Cross’s Restoring Family Links program. The program aims to reunite families separated due to conflict, migration, or natural disasters. As such, it is feared that most of those put at risk by this data breach are already living with an incredibly trying situation. The Red Cross has already shut down this program following the incident, with no details on whether it will return or if something else will replace it. However, it is almost certain something will be put in place to help affected individuals.
The Red Cross hasn’t named the contractor that has fallen victim to the cyberattack, nor has it said what led to the incident. What is known is that the contractor in question was used for data storage and held data from at least 60 national Red Cross and Red Crescent organisations.
In a statement, the Red Cross pleaded with hackers not to leak or publicly share the data given its’ sensitivity.
The statement, which came from the International Committee of the Red Cross, read: “Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data.”
National Red Cross societies have also been issuing statements. You can read the statement from the British Red Cross here.
Red Cross details stolen information
A Red Cross spokesperson, Crystal Ashley Wells, told TechCrunch that the stolen data included:
- The names, locations, and contact information of the more than 515,000 people that were part of the Restoring Family Links program.
- Login information for approximately 2,000 Red Cross and Red Crescent staff who work on the Restoring Family Links program.
Among the 515,000 people within the Restoring Family Links program are missing people and their families, unaccompanied and separated children, detainees, and anyone else receiving aid from the Red Cross or Red Crescent organisations due to conflict, migration, or natural disasters.
Wells said that, due to system segmentation, data from other Red Cross programs wasn’t compromised during this attack.
Similar organisations coming under increasing attack
Organisations involved in human rights development, disaster relief, and other humanitarian groups are being increasingly targeted by cybercriminals. The most notable victims include the United Nations, which suffered a significant data breach in 2021 that may still be ongoing, and the United States Agency for International Development, which was targeted in an attack in early 2021 suspected to have been originated in Russia.