Data of ‘highly vulnerable’ war victims compromised in massive Red Cross cyber attack

For free real time breaking news alerts sent straight to your inbox sign up to our breaking news emails

Sign up to our free breaking news emails

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

The International Committee of the Red Cross (ICRC) said it became a victim of a sophisticated cyber security attack this week, and personal details of highly vulnerable people were breached.

The attack compromised the personal data of more than 515,000 “highly vulnerable people”, including “those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention”, the organisation said on Wednesday in a statement.

It added that the target was a contractor used by the Geneva-based organisation to store its data but did not name the company.

The compromised data originated from at least 60 Red Cross and Red Crescent National Societies around the world.

“The ICRC’s most pressing concern following this attack is the potential risks that come with this breach -- including confidential information being shared publicly -- for people that the Red Cross and Red Crescent network seeks to protect and assist, as well as their families,” the organisation said.

In response, the Red Cross shut down online systems that support a programme that reunites families separated by conflict, migration or disaster, the humanitarian organisation said, adding that it is working at full pace to resume services.

“An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure. We are all appalled and perplexed that this humanitarian information would be targeted and compromised,” said Robert Mardini, ICRC’s director general.

“This cyber-attack puts vulnerable people, those already in need of humanitarian services, at further risk,” he added.

The organisation said that it had no indication of who the attackers are, but Mr Mardini called on those responsible to “do the right thing” and not share, sell, leak or otherwise use the data.

“Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering,” he said. “We are taking this breach extremely seriously. We are working closely with our humanitarian partners worldwide to understand the scope of the attack and take the appropriate measures to safeguard our data in the future.”