Red Cross "appalled" by data breach targeting 515,000 vulnerable people

Red Cross officers assist in Yemen after attack kills many locals
(Image credit: Red Cross)

The International Committee of the Red Cross (ICRC) has issued a plea to cyber attackers to "do the right thing" and not leak the personal information of more than half a million vulnerable people, following an attack on its systems this week.

Red Cross announced on Wednesday that it became aware of a data breach at one of its Switzerland-based partners managing data storage on behalf of the international charity.

It said personal information on more than 515,000 vulnerable people was compromised as part of the breach, which is said to include details on those separated from families due to conflict, migration, and disaster, and people in detention facilities.

The Red Cross said that individuals that have already experienced "untold suffering" are likely to suffer further as a result of the data breach.

No individual or group has claimed responsibility for the attack at the time of writing, and there is no indication that the compromised data has been distributed online. The Red Cross implored the attackers on Wednesday not to leak, publish, or otherwise share the information related to those affected.

"While we don't know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them," said Robert Mardini, ICRC's director-general. "Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world's least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data."

In an emotionally-charged announcement, Mardini added: "An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure. We are all appalled and perplexed that this humanitarian information would be targeted and compromised".

The Red Cross Restoring Family Links programme website displayed as being under maintenance following a cyber attack

Red Cross said it has been forced to shut down its systems supporting the Restoring Family Links programme, which is jointly run by Red Cross and Red Crescent. The program aims to reunite family members separated by conflict, disaster, or migration. The website remains down at the time of writing.

Red Cross said it's taking the breach "extremely seriously" and will try to return to reuniting families, which it currently does successfully with an average of 12 cases per day, as soon as it can.

Hackers change tack

In recent years, many cyber attackers have heeded the condemnation from the cyber security community regarding the targeting of non-profit, charitable, and other 'for good' organisations, many of which have excluded these types of targets from their operations.


Your journey to zero trust

What you wish you knew before you started


Numerous ransomware gangs have notably made public announcements saying they will not target such organisations. The operators of DoppelPaymer ransomware is one example, as is the Maze ransomware group.

DarkSide, the group responsible for the Colonial Pipeline attack in 2021, also famously said it would not target healthcare organisations and other types it deemed to be morally out of bounds such as schools, non-profits, and public sector bodies.

The moves followed a number of high-profile cyber attacks which were seen as morally reprehensible at the time. For example, the hack on the World Health Organisation at the start of the COVID-19 pandemic was met with universal condemnation, and an infamous hack on a German hospital that led to a patient's death later that year also captured the world's attention for the wrong reasons.

Though not all cyber attackers have adopted such morally acceptable stances on victim targeting. The FIN12 hacking group gained notoriety for actively pursuing targets in the healthcare space and a 2021 Mandiant report indicated nearly a fifth of its targets were in the healthcare industry, many of which operated medical facilities.

"Healthcare is one of the most targeted industries by threat actors according to our data, and it will continue to be one of the most attacked targets in 2022," said Lotem Finkelsteen, head of threat intelligence and research at Check Point Software Technologies to IT Pro. "We are talking about 830 weekly cyber attacks on healthcare organisations in 2021, this is over 71% increase in just one year.

"Hackers show no mercy on healthcare or other such humanitarian targets, and the Red Cross is not alone here. Hacking groups are aware of the sensitivity of this data, and they see them as ‘fast money targets’. Hospitals and healthcare organisations can’t afford to halt operations, as it could literally lead to life or death situations."

Connor Jones
News and Analysis Editor

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.