Red Cross Hacked - Half A Million Victims At Risk

The International Committee of the Red Cross (ICRC) has disclosed a cyber attack on its data servers that compromised confidential information on more than half a million vulnerable people. 

The Geneva-based agency announced thet the breach by unknown intruders affected data on more than 515,000 people “including those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention”.

Among the stolen data were names, locations, and contact information. The organisation said the data originated from at least 60 Red Cross and Red Crescent National Societies around the world and forced it to shut down systems around its Restoring Family Links programme, which aims to reunite family members separated by conflict, disaster or migration.

The threat actor is currently unidentified. However, it is understood that they executed the attack on a Switzerland-based contractor that stores the non-profit's data. There are no indications that the data has been leaked publicly.
“A sophisticated cyber security attack against computer servers hosting information held by the was detected this week,” it said in a statement. 

The ICRC offered no immediate indication as to who might have carried out the attack, although it did say that the hackers targeted an external company located in Switzerland that the ICRC contracts to store data. The data originated from at least 60 Red Cross and Red Crescent national societies around the world.

There was no evidence so far that the compromised information had been leaked or put in the public domain. The ICRC said its “most pressing concern” was the “potential risks that come with this breach, including confidential information being shared publicly - for people that the Red Cross and Red Crescent network seeks to protect and assist, as well as their families”.

“An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure. We are all appalled and perplexed that this humanitarian information would be targeted and compromised,” said the ICRC director general, Robert Mardini. "While we don't know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them... Please do the right thing. Do not share, sell, leak or otherwise use this data." An ICRC spokesman, said the organisation had never before experienced a hack of similar scale.

ICRC:      Guardian:   Al Jazeera:    The Register:      Portswigger:     BBC

You Might Also Read: 






 

« NATO & Ukraine Agree Deeper Cyber Co-operation
SAAS Malware Used To Attack Crypto Wallets »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NATO Communications and Information Agency (NCIA)

NATO Communications and Information Agency (NCIA)

The NCIA Cyber Security Service Line is responsible for planning and executing all life cycle management activities for cyber security.

OIC-CERT

OIC-CERT

OIC-CERT is the Computer Emergency Response Team for Organisation of Islamic Cooperation (OIC) member countries.

SecuTech Solutions

SecuTech Solutions

SecuTech is a global leader in providing strong authentication and software licensing management solutions.

TeskaLabs

TeskaLabs

TeskaLabs is a software vendor of cybersecurity and data privacy products.

iProov

iProov

iProov delivers authentication and verification simply and securely, based on a genuine one-time biometric.

Cyber Range Malaysia

Cyber Range Malaysia

With Cyber Range Malaysia organizations can train their security professionals in empirically valid cyber war-gaming scenarios necessary to develop IT staff skills and instincts for defensive action.

Cloud & Cyber Security Expo

Cloud & Cyber Security Expo

Cloud & Cyber Security Expo is the UK’s largest cloud and cyber security event.

ThreatModeler

ThreatModeler

ThreatModeler is an automated threat modeling solution that fortifies an enterprise’s Software Development Lifecycle by identifying, predicting and defining threats.

Qualcomm Technologies

Qualcomm Technologies

Qualcomm invents breakthrough technologies that transform how the world connects, computes and communicates.

Research Institute in Secure Hardware and Embedded Systems (RISE)

Research Institute in Secure Hardware and Embedded Systems (RISE)

The UK Research Institute in Secure Hardware and Embedded Systems (RISE) seeks to identify and address key issues that underpin our understanding of Hardware Security.

Datenschutz Schmidt

Datenschutz Schmidt

Datenschutz Schmidt is a service provider with many years of experience, we support you in complying with numerous data protection guidelines, requirements and laws.

3i Infotech

3i Infotech

3i Infotech offers consulting & professional services to assess, design and build next gen IT infrastructure, and managed services to operate, optimize and continuously improve.

NPCERT

NPCERT

NPCERT is a team of Information Security experts formed to address the urgent need for the protection of national information and growing cybersecurity threat in Nepal.

Rite-Solutions

Rite-Solutions

Rite-Solutions is an award-winning software development, systems engineering, and information technology firm.

Cyver Core

Cyver Core

Cyver Core is a pentest management and pentest report automation platform that consolidates cybersecurity work, automates overhead, and frees cybersecurity professionals up for the work that matters.

Arksentry

Arksentry

ArkSentry is a modern penetration testing platform powered by highly vetted security experts. We make pentests easier, faster, and more affordable with powerful integrations built for today.