Red Cross becomes victim of a cyberattack in which hackers seized the data of more than 515,000 people

A few days ago the servers that host the information of the International Committee of the Red Cross (ICRC) were the target of a cyberattack that compromised the confidential information of more than 500,000 people in vulnerable conditions, including migrants, victims of natural disasters, relatives of missing persons and prisoners around the world, impacting at least 60 divisions of the international organization.

The Red Cross and Red Crescent consider it a priority to address this security issue, as public disclosure of data exposed during the incident could put those affected at risk.

ICRC Director General Robert Mardini said: “We are appalled and perplexed to learn that this information, stored for humanitarian aid purposes, could be attacked and compromised.” Mardini stressed that the attack puts thousands of vulnerable people at risk.

At the moment details such as the identity of those responsible for the attack or the malware variant used are unknown, since it is only known that the attack was specifically directed against a technology firm based in Switzerland, a contractor of the Red Cross. There have also been no indications of malicious use or leakage of the compromised data.

This leak would mainly affect the Restoring Family Links program, with which the Red Cross seeks to help displaced people from their places of origin to find their relatives. Due to this cyberattack, the organization had to disconnect the systems associated with the program, without being able to propose a tentative date for its restoration; Mardini assures that the organizations will continue working to find a solution as soon as possible.

The official concluded by recalling the importance of carrying out these initiatives: “Every day, the Red Cross and Red Crescent help reunite an average of 12 missing people with their families. Cyber attacks like this jeopardize that essential work, so the incident needs to be seriously analyzed,” Mardini concludes.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.