Illustration by Security Management

Cyberattack Harvests Sensitive Data on People Helped by the Red Cross

A cyberattack exposed personal and confidential data from more than 515,000 people who were helped by Red Cross and Red Crescent organizations.

In a press release from the International Committee of the Red Cross (ICRC), the organization said that the attack compromised information on people, including children, who are “highly vulnerable…including those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention.”

The attack forced ICRC to shut down the jointly run program Restoring Family Links, which works to reunite families separated by conflict, disaster, or migration. The ICRC estimates that the program, which was run by the ICRC and Red Cross and Red Crescent network, was reuniting an average of 12 missing persons with their respective families every day.

“An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure,” said Robert Mardini, director-general for the ICRC. “This cyber-attack puts vulnerable people, those already in need of humanitarian services, at further risk.”

The attack was carried out against an unnamed contractor located in Switzerland that stores data for the ICRC. The data concerning these people came from at least 60 different Red Cross and Red Crescent National Societies—networks of staff and volunteers that operate as first responders to disasters—in various countries, according to the ICRC.

Currently, there are no signs that the information has been publicly leaked or shared, and no one has yet been identified as responsible for the attack or has taken credit for it.

In an email to CNN, Red Cross spokesperson Elizabeth Shaw said that the organization is taking steps to “work with most concerned ICRC delegations and Red Cross and Red Crescent societies on the ground to find ways to inform individuals and families whose data may have been compromised, what measures are being taken to protect their data, and the risks they may possibly face.”

The stolen data included names, locations, and contact information, as well as staff and volunteer credentials used to access some of the organization’s programs, according to TechCrunch.

While this is the most significant attack on the organization, the ICRC is not the first international humanitarian or nonprofit organization to become a target. A few notable examples include the United Nations, whose computer systems were breached by cyberattackers in April 2021, and Philabundance, a Philadelphia-area hunger relief organization that was scammed out of almost $1 million, partly thanks to a phishing campaign.

“No organization, even those that have storied histories of doing good in the world, are safe from a cyberattack,” said Tom Garrubba, vice president for Shared Assessments, a global organization that promotes risk assurance best practices, tools, and education. “Additionally, nonprofit organizations must realize they and their vendors can also come under attack and it’s absolutely imperative to conduct ongoing and mature third party risk management.”

Garret Grajek, CEO of YouAttest, emphasized that organizations should operate under the assumption that their defenses are being tested by cyberattackers. “Identities are the treasure they seek,” Grajek said.