Recently, the Red Cross reported that a cyberattack on a third-party contractor compromised the data of more than 515,000 people.
The Red Cross announced that hackers targeted an external company in Switzerland that the organization uses to store data. Recently, the ICRC discovered a breach at its central servers, and the criminals made off with precious data. There is no indication as to who might have carried out the attack, and the exact method of the hack isn’t straightforward.
During this attack, personal data and confidential information of over 515,000 “highly vulnerable people,” including people separated from their families by conflict, disaster, or migration.
The Red Cross’s most pressing concern following this attack is the potential risks of this breach. The attacker[s] may share confidential information for people the ICRC and Red Crescent network seeks to assist and protect, as well as their families
“An attack on the data of missing people makes the anguish and suffering for families even more difficult to endure. We are all appalled and baffled that this humanitarian information would be targeted and compromised,” said Robert Mardini.
This attack has forced the Red Cross to shut down the systems that support a program that reunites these families. ”Because of this attack, we have been obliged to shut down the systems underpinning our restoring family links work, affecting the Red Cross and Red Crescent Movement’s ability to reunite separated family members,” It said in a statement. According to the organization, records taken by the hackers during the attack were collected from at least 60 ICRC and Red Crescent National Societies.
The ICRC has appealed to the hackers to “do the right thing” by not using, selling, or sharing any data.
“The real people, the real families behind the information you now have, are among the world’s least powerful. Please do the right thing. Do not share, sell, leak, or otherwise use this data,” Mardini added.
The ICRC said it was most concerned that the confidential information people shared was leaked in the breach. According to the ICRC, there is currently no indication that any of the data has been leaked or shared publicly nor has it been made uploaded to hacker forums.