Servers that host information on more than 515,000 people receiving aid from the Red Cross and Red Crescent Movement were breached by cyberattacks, the International Committee of the Red Cross (ICRC) announced. The attacks compromised information on recipients of Red Cross and Red Crescent Movement’s Restoring Family Links services, which reconnects people separated by migration, violence, war and other causes.
The servers, within which both the data and applications were maintained by the ICRC, have since been taken offline, restricting the services the organization can offer to affected individuals.
The compromised data includes names, locations and contact information of missing people and their families, unaccompanied or separated children, detainees and other people receiving services from the Red Cross and Red Crescent Movement. Additionally, login information for around 2,000 Red Cross and Red Crescent staff and volunteers was also compromised.
According to an ICRC spokesperson, investigations have revealed there were at least two breaches. The first breach occurred on Nov. 9, and further investigations revealed there was a breach on Jan. 18. The spokesperson indicated there had been no breaches since Jan. 19, when the organization announced the attack. The ICRC is working with both private investigators and national authorities on the matter.
“We have been warning, at ICRC for years now, of an increase in cyberattacks on healthcare facilities as well as our increasing concern about data protection in humanitarian situations,” ICRC Director General Robert Mardini said via a video statement. “Now an attack has directly targeted us. We don’t know who carried out this cyberattack. And there is not yet any indication that the compromised information has been shared publicly.”
Mardini made an appeal to the hackers: “The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, send, leak, or otherwise use this data.”
According to a statement from the ICRC, the hackers had the opportunity to copy and export the data, but as of Jan. 21 there was no indication the data had been published or traded. The data still exists on the ICRC servers.