The International Committee of the Red Cross has said hackers broke into servers hosting its data and gained access to personal and confidential information on more than a half-million vulnerable people, some of whom had fled conflicts.
The Geneva-based agency said on Wednesday the breach by unknown intruders this week affected data about some 515,000 people “including those separated from their families due to conflict, migration, and disaster, missing persons and their families, and people in detention.”
It said the information originated in at least 60 Red Cross and Red Crescent chapters around the world.
“An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure,” Robert Mardini, the ICRC’s director-general, said in a statement.
“We are all appalled and perplexed that this humanitarian information would be targeted and compromised.”
ICRC said the breach targeted an external contractor in Switzerland that stores data for the humanitarian organisation, and there was no indication the information had been publicly shared or leaked.
We are appalled that this humanitarian information has been compromised.
Our most pressing concern now is the potential risks for people that the Red Cross and Red Crescent network seeks to protect and assist.@RMardiniICRC's response to the cyber attack 👇 pic.twitter.com/lBBGlnMf1p
— ICRC (@ICRC) January 20, 2022
Agency spokeswoman Crystal Wells said that while the ICRC cannot say for certain that the records were stolen “we feel it is likely.”
“We know that they have been inside our system and have had access to our data,” she went on.
Wells added that the ICRC did not want to speculate about who might be behind the intrusion.
Addressing the person or people behind the intrusion, Mardini issued an appeal: “Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, sell, leak, or otherwise use this data.”
That suggests the ICRC suspects the culprits are criminals seeking to profit off the data — for purposes of ID theft, for instance.
The ICRC said the breach forced it to shut down systems around its “Restoring Family Links” program, which aims to reunite family members separated by conflict, disaster, or migration.
Ewan Watson, an ICRC spokesman, said the organization had never before experienced a hack of a similar scale.