Cyberattack on ICRC exposes data on 515,000 vulnerable people

The International Committee of the Red Cross says the intruders and their motive for the hacking are unknown.

Robert Mardini speaks at the news conference
Robert Mardini, ICRC's director-general, said the organisation is 'appalled and perplexed' that humanitarian information would be targeted and compromised [File: Mohammed Huwais/AFP]

The International Committee of the Red Cross (ICRC) says there has been a hacking attack on its data servers that compromised confidential information on more than half a million vulnerable people.

The Geneva-based agency said on Wednesday the breach by unknown intruders this week affected data on more than 515,000 people “including those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention”.

The information originated in at least 60 Red Cross and Red Crescent chapters around the world.

“An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure,” Robert Mardini, the ICRC’s director-general, said in a statement.

“We are all appalled and perplexed that this humanitarian information would be targeted and compromised.”

External contractor

ICRC said the breach targeted an external contractor in Switzerland that stores data for the humanitarian organisation, and there was no indication the information had been publicly shared or leaked.

Agency spokeswoman Crystal Wells said while the ICRC cannot say for certain that the records were stolen “we feel it is likely. We know that they have been inside our system and have had access to our data”.

Wells said the ICRC did not want to speculate about who might be behind the intrusion.

Addressing the person or people behind the attack, Mardini issued an appeal: “The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data.”

That suggests the ICRC suspects the culprits are criminals seeking to profit off the data – for purposes of identity theft, for instance.

The ICRC said the breach forced it to shut down systems around its Restoring Family Links programme, which aims to reunite family members separated by conflict, disaster or migration.

Ewan Watson, an ICRC spokesman, said the organisation had never before experienced a hack of similar scale.

Red Cross flag
An ICRC flag flutters on the top of the organisation’s headquarters in Geneva [File: Fabrice Coffrini/AFP]
Source: News Agencies