IOTW: Red Cross confirms cyber-attack compromising personal data

The personal data and information of over 500,000 vulnerable people has been compromised in an attack targeting the humanitarian organization

The International Committee of the Red Cross (ICRC) has been subject to a cyber-attack against its computer servers. 

On 19 January 2022, the ICRC confirmed in a statement that a cyber-attack had compromised the personal data and confidential information of more than 515,000 “highly vulnerable” people.

This includes people “separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention”.
The data originated from at least 60 Red Cross and Red Crescent National Societies around the world.

Risks following the breach

The ICRC has no immediate indications as to who carried out this cyber-attack, which targeted an external company in Switzerland that the ICRC contracts to store data.

The ICRC says its more pressing concern now is the potential risks that may follow the breach, including confidential information being shared publicly, although there is no indication of this yet.


Robert Mardini, director-general of the ICRC, appealed to those who may have carried out the attack: “Please do the right thing. Do not share, sell, leak or otherwise use this data”.

"An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure. We are all appalled and perplexed that this humanitarian information would be targeted and compromised," said Mardini. "This cyber-attack puts vulnerable people, those already in need of humanitarian services, at further risk."

The ICRC runs a program called Restoring Family Links and that website is currently down for maintenance.

Who and why?

It is difficult to determine both the intent behind such an attack and who is responsible for it.

However, speaking to CS Hub, Dan Lohrmann, field CISO for public sector and client advisor at Presidio, shared some of his thoughts.

First, it could be a general attack, in the same way that most international organizations are targeted.

“The desire to penetrate large organizations and go sideways to gain any data that may be valuable is a global problem. This is similar to ransomware attacks hitting thousands of organizations globally over the past few years,” he told CS Hub.

Second, it could be a more specifically targeted attack. Here the attackers are likely to be looking for information about the program(s) with the specific intent to embarrass or reveal information that is against policy and/or to influence public opinion, uncover unknown activities, or serve other purposes.

Finally, Lohrmann said it could be “something even more specific related to ongoing nation-state plans, wars or conflicts. There are many examples of this around the world at the moment”.

Lohrmann is continuing to gather data on the incident but said he has no specific inside information at the time of writing.