Personal Information of More Than Half a Million at Risk After Red Cross Cyber-Attack
Table of Contents
- By David Lukic
- Published: Jan 20, 2022
- Last Updated: Mar 18, 2022
A cyber-attack levied on the Red Cross has jeopardized the highly sensitive personal information of 515,000 individuals. The organization has requested that the digital attackers not leak, sell, or share the information plucked from its database.
How did the Attack Occur?
According to the International Committee of the Red Cross (ICRC), the information stolen from Red Cross is the result of a supply chain cyberattack. Though the organization has not released any information about the digital attacker or why the attack occurred, the ICRC states the breach zeroed in on an external business located in Switzerland. This outside company is a data storage specialist that does business with the Red Cross. At of the time of this publication, there is no word as to whether the stolen information has been shared on the dark web, sold, or otherwise leaked to nefarious parties.
What Type of Information was Exposed?
The hackers obtained information about individuals served by the Red Cross. That exposed data includes information about individuals separated from their loved ones, data pertaining to missing individuals, individuals in detention, disaster, and migration.
The stolen data stems from 60+ Red Cross offices as well as some Red Crescent National Societies across the globe. The ICRC’s description of the cyber-attack on its Twitter account reveals there is the potential for the data breach to impact individuals across the 100 countries where the organization provides services. However, when pressed for more information about the data breach, the ICRC refused to provide additional comment.
What is the Red Cross Doing About the Attack?
The Red Cross indicates it has asked the hackers not to use the data for criminal purposes. The organization insists it communicated that the misuse of the illegally accessed data would make the already fragile victims that much more vulnerable. Red Cross representatives also requested that the digital attackers halt their attempts to steal more information as they have targeted a highly sensitive group of people.
The Director General of the organization, Robert Mardini, released a public statement to make it clear he is “perplexed” by the cyber attack on the humanitarian organization. He went on to detail how the digital attack puts vulnerable individuals in harm’s way. Mardini directly addressed the hackers, asking them to cease the digital infiltration and return the stolen data to the Red Cross. He also highlighted how the hackers’ actions will cause additional unnecessary pain and suffering to individuals who’ve already lived difficult lives.
Why was the Red Cross Targeted?
Though Red Cross representatives have not stated why their organization was targeted by the hackers, it isn’t the first time a charitable organization has been hit by a cyber-attack. The Red Cross and other relief organizations store personal information pertaining to millions of individuals. This valuable data makes such organizations appealing targets for hacking groups.
The digital attack is somewhat ironic considering the Red Cross fiercely advocated for taking extensive measures to protect sensitive data in its handbook published in the summer of 2020. The handbook is a component of the ICRC Data Protection in Humanitarian Action initiative. This project publicizes insightful opinions and facts pertaining to the protection of sensitive data, striving to help humanitarian groups process, store, and protect personal data.