Red Cross Hacked - Half A Million Victims At Risk

Uploaded on 2022-01-24 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, INTELLIGENCE--International, FREE TO VIEW

The International Committee of the Red Cross (ICRC) has disclosed a cyber attack on its data servers that compromised confidential information on more than half a million vulnerable people. 

The Geneva-based agency announced thet the breach by unknown intruders affected data on more than 515,000 people “including those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention”.

Among the stolen data were names, locations, and contact information. The organisation said the data originated from at least 60 Red Cross and Red Crescent National Societies around the world and forced it to shut down systems around its Restoring Family Links programme, which aims to reunite family members separated by conflict, disaster or migration.

The threat actor is currently unidentified. However, it is understood that they executed the attack on a Switzerland-based contractor that stores the non-profit's data. There are no indications that the data has been leaked publicly.
“A sophisticated cyber security attack against computer servers hosting information held by the was detected this week,” it said in a statement. 

The ICRC offered no immediate indication as to who might have carried out the attack, although it did say that the hackers targeted an external company located in Switzerland that the ICRC contracts to store data. The data originated from at least 60 Red Cross and Red Crescent national societies around the world.

There was no evidence so far that the compromised information had been leaked or put in the public domain. The ICRC said its “most pressing concern” was the “potential risks that come with this breach, including confidential information being shared publicly - for people that the Red Cross and Red Crescent network seeks to protect and assist, as well as their families”.

“An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure. We are all appalled and perplexed that this humanitarian information would be targeted and compromised,” said the ICRC director general, Robert Mardini. "While we don't know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them... Please do the right thing. Do not share, sell, leak or otherwise use this data." An ICRC spokesman, said the organisation had never before experienced a hack of similar scale.

ICRC:      Guardian:   Al Jazeera:    The Register:      Portswigger:     BBC

You Might Also Read: 






 

« NATO & Ukraine Agree Deeper Cyber Co-operation
SAAS Malware Used To Attack Crypto Wallets »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Huawei

Huawei

Huawei is a leading global ICT solutions provider. with end-to-end capabilities across the carrier networks, enterprise, consumer, and cloud computing fields.

Granite Partners

Granite Partners

Granite is a cloud service for the development of business risk management, cyber security and privacy and occupational safety and health.

Redspin

Redspin

Redspin provide penetration testing, security assessments and consulting services.

Komodo Consulting (KomodoSec)

Komodo Consulting (KomodoSec)

Komodo Consulting specializes in Penetration Testing and Red-Team Excercises, Cyber Threat Intelligence, Incident Response and Application Security.

Data Recovery Services (DRS)

Data Recovery Services (DRS)

DRS provides data recovery services from media including hard disk drives, RAID, solid state disks SSD, memory sticks, USB drives, SD cards, tapes and mobile phones.

CSIRT-CY

CSIRT-CY

CSIRT-CY is the National Computer Security Incident Response Team for Cyprus.

OpenZeppelin

OpenZeppelin

OpenZeppelin builds developer tools and performs security audits for distributed systems that power multimillion-dollar economies.

Cloud GRC

Cloud GRC

Cloud GRC is an innovative cybersecurity company with solutions and expertise in Cybersecurity Strategies & Frameworks, Threat & Risk Assessment, Cloud Security, and Regulatory Compliance Requirements

Tangible Security

Tangible Security

Tangible employs the most sophisticated cyber security tools and techniques available to protect our clients’ sensitive data, infrastructure and competitive advantage.

Presidio

Presidio

Presidio is a leading North American IT solutions provider focused on Digital Infrastructure, Business Analytics, Cloud, Security & Emerging solutions.

SECUINFRA

SECUINFRA

SECUINFRA has been supporting companies in detecting, analyzing and defending against cyber attacks since 2010.

Occentus Network

Occentus Network

Occentus Network is a telecommunications service provider specialized in High Availability Servers & managed Cloud services.

Espria

Espria

Espria is a leading independent managed service provider with expertise in Cloud, IT, Communications and Document Solutions.

CyberEPQ

CyberEPQ

CyberEPQ (Cyber Extended Project Qualification) is the UK’s first and only Extended Project Qualification in Cyber Security.

Actelis Networks

Actelis Networks

Actelis Networks is a market leader in cyber-hardened, rapid deployment networking solutions for wide-area IoT applications.

Cyphershield

Cyphershield

Cypershield is a Security and Smart Contract audit company providing professional smart contract auditing services for varied Crypto projects.