A contractor for The International Committee of the Red Cross (ICRC) suffered a data breach, as revealed on Wednesday. Over 515,000 people are affected in the Red Cross and Red Crescent networks. These include those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention.
Red Cross Data Breach: What We Know
A spokesperson for the Red Cross told TechCrunch the data included names, locations, and contact information, along with employee credentials for roughly 2,000 employees and volunteers. Due to the attack the Committee has been forced to shut down the Restoring Family Links network. This segment of the organization helps reunited family members who have been separated by conflict, disaster or migration.
The ICRC has no information on who carried out the attack. It targeted a contracting company located in Switzerland that the Committee uses to store data. It is also unknown that the data has been leaked or shared publicly.
Robert Mardini, ICRC’s director-general, asked the attackers not to share the data:
While we don’t know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them. Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data.
Contact Information
For more information, the ICRC provides the following contact information:
- Crystal Wells, ICRC Geneva, at [email protected], or +41 79 642 80 56
- Ewan Watson, ICRC Geneva, [email protected], or +41 79 244 64 70
- Elizabeth Shaw, ICRC Washington, D.C., at [email protected], or +1 202 361 1566
Andrew:
One of my cousins is a retired former senior executive with the ICRC, and is still occasionally called back on delicate international relief missions (like the Rohingya in Bangladesh). It remains one of the single most highly respected humanitarian relief organisations on the planet, and as such, an unlikely target for the run of the cyber attack.
That someone would specifically target the family relief network is unlikely a coincidence, and raises the spectre of a regime hunting high value refugees, people who might know enough to harm the despotic regimes that they have fled.
It would not be the first time that such states have tracked down defectors in order to seek retribution on their families, coerce them into returning, or dispatch them on foreign soil.