Cyberattack on Red Cross, data of 515,000 vulnerable people compromised

Sicherheit (Pexels, allgemeine Nutzung)[German]This week, a sophisticated cyberattack on servers storing information belonging to the International Committee of the Red Cross (ICRC) was discovered week. The attack compromised personal data and confidential information on more than 515,000 vulnerable people. The data came from at least 60 Red Cross and Red Crescent National Societies around the world.


I became aware of the facts through various posts, which were made public by the Red Cross itself on this site.

Red Cross Hack

The Red Cross writes that the attack compromised personal data and confidential information on more than 515,000 vulnerable people. This includes people separated from their families due to conflict, migration and disasters, missing persons and their families, and people in detention. The data came from at least 60 National Red Cross and Red Crescent Societies from around the world.

The ICRC's greatest concern following this attack is the potential risks associated with this breach – including the release of confidential information – to the people the Red Cross and Red Crescent network seeks to protect and support, as well as to their families. When people go missing, the anxiety and uncertainty for their families and friends is great. Robert Mardini, Director General of the ICRC, comments:

An attack on missing persons' data makes the anxiety and suffering for families even harder to bear. We are all appalled and stunned that this humanitarian information is being targeted and compromised. This cyberattack puts people who are already in need of humanitarian aid at even greater risk.

While we do not know who is responsible for this attack or why it was carried out, we have this appeal to make to them. Their actions could potentially bring even more suffering and pain to those who have already endured unspeakable suffering. The real people, the real families behind the information you now have are among the least powerful in the world. Please do the right thing. Do not share this data, do not sell it, do not leak it, and do not use it in any other way.

The ICRC has no immediate leads on who carried out this cyberattack, which targeted an outside company in Switzerland that the ICRC contracted to store data. There is no indication yet that the compromised information has been released to the public. The IT people are working as quickly as possible to find a solution so that this important work can continue.


By way of background, the ICRC, along with the wider Red Cross and Red Crescent network, runs a program called Restoring Family Links, which aims to reunite family members who have been separated by conflict, disaster or migration. Due to the attack, we were forced to shut down the systems that underpin our work to restore family links, which affects the Red Cross and Red Crescent Movement's ability to reunite separated family members.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *