‘Highly sensitive data’ including staffers’ info stolen from Swiss contractor to charity
A massive hack of the Red Cross has compromised information from employees, refugees, detainees, migrants, and family members of all those groups, and the culprit remains unknown.
Information on some 515,000 “highly vulnerable” individuals has been stolen from the Red Cross, the organization revealed on Wednesday in a statement posted to its website. The data was apparently stolen from a third-party Swiss contractor with whom the ICRC stores it, and there is no indication that it has yet been leaked or otherwise shared publicly.
The International Committee of the Red Cross has urged the hackers not to publish any of the information, which originated from at least 60 Red Cross and Red Crescent societies worldwide. Writing that “an attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure,” the organization urged the hackers to “please do the right thing. Do not share, sell, leak or otherwise use this data.”
“This cyber-attack puts vulnerable people, those already in need of humanitarian services, at further risk,” ICRC director-general Robert Mardini wrote in the group’s letter. “We are all appalled and perplexed that this humanitarian information would be targeted and compromised.”
The stolen data includes names, locations, contact information, and credentials used in accessing organizational programs. Login information for some 2,000 staffers and volunteers working for the Red Cross was also stolen, and the entirety of a program called Restoring Family Links, which connects family members who are separated by warfare or natural disasters, has been shut down due to the disruption caused by the hack.
