Red Cross worried about misuse of stolen data by nation states and cybercriminals after hack

The Red Cross said it was "willing to communicate directly and confidentially with whoever may be responsible for this operation."
Written by Jonathan Greig, Contributor

The International Committee of the Red Cross (ICRC) has released an update about a cyberattack that led to a data breach affecting more than 500,000 vulnerable people receiving services from the organization. 

The ICRC expressed concern that the stolen data -- which was from its global Red Cross and Red Crescent Movement's Restoring Family Links services -- would be "used by States, non-state groups, or individuals to contact or find people to cause harm."

"This attack is an extreme violation of their privacy, safety, and right to receive humanitarian protection and assistance," the organization said. 

Restoring Family Links works to reconnect missing people and children with their families after wars, violence, or other issues. Last week, the ICRC said hackers accessed servers on January 18 that had the personal information of more than 515,000 people from across the world. 

The personal information includes the names, locations, and contact information of missing people and their families, unaccompanied or separated children, detainees, and other people receiving services from the Red Cross and Red Crescent Movement as a result of armed conflict, natural disasters, or migration. 

They added that the login information for about 2,000 Red Cross and Red Crescent staff and volunteers was also been breached. 

In a more detailed explanation of the attack, the ICRC said its cyber partners detected an anomaly on ICRC servers before doing a deep dive and determining that hackers had gotten into the system and gained access to sensitive data. 

"The nature of the attack meant we could not guarantee the integrity of the system, so we took the compromised servers offline. We are now going through each application log to better understand what occurred. We do not believe that the data has been tampered with at this time, but to be sure, we are hiring an independent audit firm to confirm this," the ICRC said.

"We do not know who is behind this attack. We have not had any contact with the hackers, and no ransom ask has been made. In line with our standing practice to engage with any actor who can facilitate or impede our humanitarian work, we are willing to communicate directly and confidentially with whoever may be responsible for this operation to impress upon them the need to respect our humanitarian action."

The ICRC noted that the attack did not target the company hosting their servers and was specifically aimed at their systems. 

The organization is in the process of working with local ICRC arms to inform people who had their data accessed during the attack and will be letting them know about what is being done to address the situation as well as any risks they may face. 

According to the ICRC, there is no current evidence that the information accessed has been released or traded. They are still figuring out ways to continue helping families separated by war or violence without the affected servers. 

"As a result of this breach, we have been forced to take the data hosting systems in question offline, severely limiting the humanitarian services we can offer to the over half a million people affected. States have mandated impartial humanitarian organizations, such as the ICRC, with specific responsibilities. These include collecting information on people reported missing in order to reconnect separated family members," the ICRC explained. 

"We need a safe and trusted digital humanitarian space in which our operational information, and most importantly the data collected from the people we serve, is secure. This attack has violated that safe digital humanitarian space in every way."

The ICRC also expressed concern that the attack would affect their ability to work with vulnerable populations who no longer trust them with sensitive information. 

They urged people concerned about their data to contact a local ICRC office for more information. 

Editorial standards