Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Red Cross Falls Victim to Massive Cyberattack

The International Committee of the Red Cross was the victim of a massive cyberattack in which hackers seized the data of more than 515,000 extremely vulnerable people, some of whom had fled conflicts, it said on Wednesday.

The International Committee of the Red Cross was the victim of a massive cyberattack in which hackers seized the data of more than 515,000 extremely vulnerable people, some of whom had fled conflicts, it said on Wednesday.

“A sophisticated cyber security attack against computer servers hosting information held by the International Committee of the Red Cross (ICRC) was detected this week,” it said in a statement.

“The attack compromised personal data and confidential information on more than 515,000 highly vulnerable people, including those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention.”

The body, which has its headquarters in Geneva, had no immediate indication as to who might have carried out the attack.

It said the hackers targeted an external company in Switzerland that the ICRC contracts to store data. There was no evidence so far that the compromised information had been leaked or put in the public domain.

The ICRC said its “most pressing concern” was the “potential risks that come with this breach — including confidential information being shared publicly — for people that the Red Cross and Red Crescent network seeks to protect and assist, as well as their families”.

The data originated from at least 60 Red Cross and Red Crescent National Societies around the world.

“An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure. We are all appalled and perplexed that this humanitarian information would be targeted and compromised,” said ICRC director-general, Robert Mardini.

Advertisement. Scroll to continue reading.

“This cyberattack puts vulnerable people, those already in need of humanitarian services, at further risk.”

And he called on those responsible to “do the right thing — do not share, sell, leak or otherwise use this data”.

“Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering,” he added.

As a result of the attack, the ICRC had been forced to shut down the computer systems underpinning its Restoring Family Links programme that seeks to reunite family members separated by conflict, disaster or migration, the statement said.

“We are working as quickly as possible to identify workarounds to continue this vital work,” it added.

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.