Red Cross cyberattack exposes data of 515,000 ‘highly vulnerable people’

20 Jan 2022

Image: © MoiraM/

The Red Cross has shut down its programme that reunites separated families while it works to understand the scope of the cyberattack.

The International Committee of the Red Cross (ICRC) confirmed it has been hit by a “sophisticated” cyberattack this week that compromised the information of more than 515,000 “highly vulnerable people”.

The humanitarian organisation said this number includes people separated from their families due to conflict, migration and disaster, as well as people in detention, missing people and their families.

The compromised data came from at least 60 Red Cross and Red Crescent Societies around the world, the ICRC said in a statement on Wednesday (19 January). The attack targeted an external company in Switzerland that the ICRC contracts to store data.

The ICRC said there is no indication that the compromised information has been leaked or shared publicly.

But ICRC director-general Robert Mardini said the attack puts vulnerable people who are already in need of humanitarian aid at further risk.

“An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure. We are all appalled and perplexed that this humanitarian information would be targeted and compromised,” Mardini said.

The Red Cross has been forced to temporarily shut down its Restoring Family Links programme, which seeks to reunite family members separated by conflict, disaster or migration. The ICRC is looking to identify workarounds to continue this programme.

“While we don’t know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them,” Mardini added.

“Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data.”

Mardini said the ICRC is working to understand the scope of the attack and take measures to safeguard its data in the future. He added that the Red Cross reunites an average of 12 missing people a day with their families and “cyberattacks like this jeopardise that essential work”.

Bill Conner, CEO of cybersecurity company SonicWall, noted that the risk of cyberattacks affects “virtually every kind of enterprise”.

“Companies should start with the presumption that they will be attacked and have a comprehensive incident response plan in place. An incident response plan should include a consumer notification process especially when sensitive data such as social security numbers and financial information is corrupted.”

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic