Red Cross Hacked - Half A Million Victims At Risk

The International Committee of the Red Cross (ICRC) has disclosed a cyber attack on its data servers that compromised confidential information on more than half a million vulnerable people. 

The Geneva-based agency announced thet the breach by unknown intruders affected data on more than 515,000 people “including those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention”.

Among the stolen data were names, locations, and contact information. The organisation said the data originated from at least 60 Red Cross and Red Crescent National Societies around the world and forced it to shut down systems around its Restoring Family Links programme, which aims to reunite family members separated by conflict, disaster or migration.

The threat actor is currently unidentified. However, it is understood that they executed the attack on a Switzerland-based contractor that stores the non-profit's data. There are no indications that the data has been leaked publicly.
“A sophisticated cyber security attack against computer servers hosting information held by the was detected this week,” it said in a statement. 

The ICRC offered no immediate indication as to who might have carried out the attack, although it did say that the hackers targeted an external company located in Switzerland that the ICRC contracts to store data. The data originated from at least 60 Red Cross and Red Crescent national societies around the world.

There was no evidence so far that the compromised information had been leaked or put in the public domain. The ICRC said its “most pressing concern” was the “potential risks that come with this breach, including confidential information being shared publicly - for people that the Red Cross and Red Crescent network seeks to protect and assist, as well as their families”.

“An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure. We are all appalled and perplexed that this humanitarian information would be targeted and compromised,” said the ICRC director general, Robert Mardini. "While we don't know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them... Please do the right thing. Do not share, sell, leak or otherwise use this data." An ICRC spokesman, said the organisation had never before experienced a hack of similar scale.

ICRC:      Guardian:   Al Jazeera:    The Register:      Portswigger:     BBC

You Might Also Read: 






 

« NATO & Ukraine Agree Deeper Cyber Co-operation
SAAS Malware Used To Attack Crypto Wallets »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Sapphire

Sapphire

Sapphire deliver flexible and scalable cybersecurity solutions, helping organisations to detect, protect, respond and remediate against cyber threats.

Cobalt Labs

Cobalt Labs

Pen Testing as a Service for Modern SaaS Businesses. Cobalt is redefining the modern pen test for companies who want serious hacker-like testing built into their development cycle.

Secudos

Secudos

SECUDOS is an innovative appliance technology and services provider focused on IT security and compliance.

Spire Solutions

Spire Solutions

Spire Solutions is the Middle East & Africa region’s leading cybersecurity solution provider and value-added distributor (VAD).

Puleng Technologies

Puleng Technologies

Puleng provides customers with a client-centric strategy to manage and secure the two most valuable assets an organisation has - its Data and Users.

Firedome

Firedome

Firedome's tailormade solution for IoT companies is designed to proactively prevent, detect, and respond to inevitable vulnerabilities in connected devices.

White Bullet

White Bullet

White Bullet’s risk profiling AI detects, dynamically scores and flags unsafe domains, apps and advertising.

Tyler Technologies

Tyler Technologies

Tyler Technologies is a leading provider of end-to-end information management solutions and services for local governments.

Newtec Services

Newtec Services

IT should be responsive, adaptive, and smart. Now more than ever, you need a business that runs efficiently and can adapt to today's challenges. We can help with custom IT solutions.

IN4 Group

IN4 Group

IN4 Group is a skills, innovation and start-up services provider that specialises in supporting businesses with the training, communities, networks and advice they need to scale.

Hackuity

Hackuity

Hackuity is a breakthrough technology solution that rethinks the way of managing IT vulnerabilities in enterprises.

Cognilytica

Cognilytica

Cognilytica’s Cognitive Project Management for AI (CPMAI) training and certification is recognized around the world as the best practices methodology for implementing successful AI & ML projects.

Lodestone

Lodestone

Lodestone partners with clients to help them mitigate business and reputational risk, through our human-based, approach to cyber security, digital forensics and incident response.

Seedcamp

Seedcamp

Seedcamp identify and invest early in world-class founders attacking large and global markets through disruptive technology in areas including AI, cybersecurity, and Fintech.

Exacom

Exacom

Exacom is a leading provider of multimedia logging/recording solutions across public safety, government, DoD, energy, utilities, transportation, and security applications.

NMi Group

NMi Group

NMi Group is a global pioneer in mission-critical Testing, Inspection, Certification, and Calibration (TICC) services.