Red Cross cyberattack compromises data of more than 515,000 'highly vulnerable people'

Data is from people "separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention."

Updated: January 20, 2022 - 12:18pm

The Facts Inside Our Reporter’s Notebook

Links

More than 515,000 "highly vulnerable people" had their personal data compromised this week after a sophisticated cyberattack targeted the International Committee of the Red Cross.

The humanitarian agency announced Wednesday that the attack "compromised personal data and confidential information" from people "separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention."

Data from least 60 Red Cross and Red Crescent National Societies globally were affected by the attack. It is unclear who is responsible, but the agency does not believe the data has been leaked yet.

"An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure. We are all appalled and perplexed that this humanitarian information would be targeted and compromised," ICRC's Director-General Robert Mardini said. "This cyber-attack puts vulnerable people, those already in need of humanitarian services, at further risk."

The now-compromised data was used by the ICRC to reconnect family members who have been separated by disaster or conflict.

The agency was forced to close down its Restoring Family Links program due to the attack. Mardini said the group reunites an average of 12 families every day through their work.

Mardini pleaded with the anonymous attacker: "Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world's least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data.