On late Wednesday, the International Committee of the Red Cross (ICRC) has revealed a “sophisticated cyberattack” against its infrastructure, that caused personal data of over 515,000 highly vulnerable people to be stolen.
The ICRC said this data was collated from over 60 affiliates of its Red Cross organization and belongs to those who have been separated, missing, migrated people. As it’s highly sensitive, the Red Cross director general asked the threat actors not to share or leak the stolen data, which can hamper its critical work.
Cyberattack on Red Cross
The International Committee of the Red Cross (ICRC), popularly known as just the Red Cross, has announced being hit by a sophisticated cyberattack this week. The service organization revealed on late Wednesday, that an unknown threat actor have accessed some of the senstive data stored in its servers.
Clarifying that it wasn’t a ransomware attack, Red Cross said the incident resulted in hackers accessing the personal data of “more than 515,000 highly vulnerable people,” like the ones who’re separated from their families due to conflict, disaster, migration, detention, and missing.
Red Cross said the data was gathered from at least 60 Red Cross and Red Crescent National Societies from around the world, and it’s the hack against a Swiss company that leaked Red Cross’s data since it was hired to manage the information.
Reiterating on not a ransomware attack, Red Cross said it was forced to shut down the systems anyway, citing a “Restoring Family Links” program, that reunites the people who’re migrated, missing, or disaster.
The organization said there were no traces found of the stole data being distributed in wild, but the director-general of the Red Cross, Robert Mardini appealed to those unknown hackers as
“Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, sell, leak, or otherwise use this data.”