Cyber attack on ICRC compromises data of over 515,000 vulnerable people
The sophisticated cyber security attack against computer servers hosting information held by the International Committee of the Red Cross (ICRC) was detected this week.
The attack compromised personal data and confidential information from at least 60 Red Cross and Red Crescent National Societies around the world, on more than 515,000 highly vulnerable people, including those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention.
Robert Mardini, ICRC’s director-general, said:
Advertisement
“An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure. We are all appalled and perplexed that this humanitarian information would be targeted and compromised. This cyber-attack puts vulnerable people, those already in need of humanitarian services, at further risk.
“Every day, the Red Cross Red Crescent Movement helps reunite on average 12 missing people with their families. Cyber-attacks like this jeopardise that essential work. We are taking this breach extremely seriously. We are working closely with our humanitarian partners worldwide to understand the scope of the attack and take the appropriate measures to safeguard our data in the future.”
According to the ICRC, there are no immediate indications as to who carried out this cyber-attack, which targeted an external company in Switzerland it contracts to store data. In a statement given yesterday, 19 January, it said there was not yet any indication that the compromised information has been leaked or shared publicly.
However, the Restoring Family Links programme that it runs along with the wider Red Cross and Red Crescent network jointly has been impacted as a result of the attack. ICRC has had to shut down the systems underpinning programme’s work, affecting the Red Cross and Red Crescent Movement’s ability to reunite separated family members. It is attempting to identify workarounds to enable it to continue.
Commenting on the attack, Brian Higgins, security specialist at Comparitech said:
“Egregious attacks such as this are unfortunately becoming an occupational hazard for charity and relief organisations as the vital nature of the data they possess coupled with the extreme vulnerability of the individuals to whom it relates provides a highly attractive target for certain groups of cybercriminals.
“In the absence of any clear idea of motivation at this stage, the Red Cross is clearly doing everything they reasonably can to respond but I’m sure more information will soon come to light.
“It’s a sad yet sobering fact that network security is becoming more and more difficult as third party and supply chain organisations are vital elements of doing business in any sector, but it is almost impossible to implement consistent security protocols and defences across an entire enterprise. Attackers will always find a weak link in the chain and exploit it. Now that this highly sensitive, humanitarian stolen data is in the wild one can only support the Red Cross Director General in his call.”
Jamie Akhtar, CEO and Co-founder of CyberSmart also commented, saying:
“This attack perfectly demonstrates that no target is off the table for cybercriminals. And, once again, we’re discussing an attack that started in the organisation’s supply chain. Indirect attacks on large organisations are fast becoming a favoured tactic of cybercriminals; it’s often much easier to breach a supplier or subsidiary first.
“So we urge businesses big and small to start conversations with your supply chain. Share security practices, be transparent, and keep lines of communication open. It might just be the difference between successfully avoiding a breach or not.”