Red Cross pleads with hackers not to leak data on 515,000 vulnerable people
Hackers targeted an external contractor that stored data for the humanitarian organisation
The International Committee of the Red Cross (ICRC) has announced that a cyber attack on Wednesday compromised confidential data on more than 515,000 extremely vulnerable people.
The Geneva-based humanitarian agency said the breach, by unknown intruders, targeted an external contractor in Switzerland that stores data for ICRC.
The hackers targeted servers holding information on people who have been separated from their families due to migration, conflict, and disaster, as well as missing persons, their families, and people in detention.
The stolen data includes names, contact details and location information. It came from at least 60 Red Cross and Red Crescent National Societies: the networks of volunteers and personnel worldwide the Red Cross uses as first responders to disasters.
The ICRC said the breach was not a ransomware attack, but it forced the organisation to shut down IT systems supporting a programme called 'Restoring Family Links', which helps ICRC to reunite separated families.
It's unclear who is responsible for the attack, but ICRC's most pressing concern is the potential for the compromised data to be leaked.
In a statement, ICRC director-general Robert Mardini said the organisation wa "appalled and perplexed" to see humanitarian data being targeted by hackers.
While ICRC has no idea why the attack was conducted, Mardini said the Red Cross has an appeal to make to the perpetrators.
"Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering," he said.
Mardini added that the people affected by the breach are "among the world's least powerful" and hackers must not "share, sell, leak or otherwise use" such people's data.
The Red Cross Red Crescent Movement helps to reunite an average of 12 missing people with their families each day.
"That's a dozen joyful family reunifications every day. Cyber-attacks like this jeopardise that essential work."
Mardini added that ICRC was working closely with its humanitarian partners across the world to understand the scale of the incident, and would take all necessary steps to protect ICRC's data in the future.
Over the past few years, a series of cyber attacks have hit other organisations doing good work, including healthcare providers, impacting their services.
In May, Ireland's Health Service (HSE) was forced to shut down all its IT systems after suffering an attack that affected diagnostic services, and forced many hospitals to cancel appointments.
An investigation pinned the attack on the Conti group, which targeted more than 400 entities worldwide, of which 290 were located in the US. They included law enforcement agencies, municipalities, emergency medical services, 911 dispatch centres and other entities.