A cyberattack targeting a contractor working for the International Committee of the Red Cross has spilled confidential data on more than 515,000 “highly vulnerable” people, many of whom have been separated from their families due to conflict, migration and disaster.
The Red Cross did not name the contractor, based in Switzerland, which it uses to store data nor say what led to the security incident, but said that the data comes from at least 60 Red Cross and Red Crescent national societies.
In a statement, the international organization pleaded with the attackers not to publicly share or leak the information given the sensitivity of the data.
“Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data,” read the statement.
As a result of the breach, the organization shut down its Restoring Family Links program, which aims to reunite family members separated by conflict or disaster.
A spokesperson for the Red Cross told TechCrunch that the stolen information included names, locations and contact information, as well as credentials used to access some of the organization’s programs.
The hack compromised personal data such as names, locations and contact information of more than 515,000 people. The people affected include missing people and their families, unaccompanied or separated children, detainees and other people receiving services from the Red Cross and Red Crescent Movement as a result of armed conflict, natural disasters or migration. Login information for about 2,000 Red Cross and Red Crescent staff and volunteers who work on these programs has also been compromised. No other information at the ICRC was compromised due to the segmentation of the systems, said Red Cross spokesperson Crystal Ashley Wells.
International human rights groups and disaster relief agencies are an increasing target for hackers. Last year the United Nations had its network breached by unknown cyberattackers, and Microsoft revealed that the U.S. Agency for International Development was targeted to launch malicious emails to thousands of targets.
Updated with comment from Red Cross. Carly Page contributed reporting.