A cyberattack on a Red Cross contactor resulted in the theft of personal data for more than 515,000 highly vulnerable people seeking missing families.
The infamous attack was disclosed by the International Committee of the Red Cross (ICRC), which confirmed that the data originated from at least 60 different Red Cross and Red Crescent National Societies worldwide.
Stolen data includes information belonging to individuals separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention.
“An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure. We are all appalled and perplexed that this humanitarian information would be targeted and compromised,” said Robert Mardini, ICRC’s director-general. “This cyber-attack puts vulnerable people, those already in need of humanitarian services, at further risk.”
The contractor targeted by the attackers is an external company in Switzerland that stores data for the organization. At this time the organization has yet to discover who is behind the attack and the motivation, it has no indication that the compromised information has been leaked.
“While we don’t know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them,” said Mr Mardini. “Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data.”
ICRC shut down the systems and website for the Restoring Family Links program that was hit by the attackers.
“We are working as quickly as possible to identify workarounds to continue this vital work,” it added.
(SecurityAffairs – hacking, Red Cross)