The International Committee of the Red Cross (ICRC) confirmed it has been hit by a “sophisticated” cyberattack this week that has compromised the information of more than 515,000 highly vulnerable people.
The humanitarian organisation said this number includes those separated from their families due to conflict, migration and disaster, as well as people in detention, missing people and their families.
The compromised information came from at least 60 Red Cross and Red Crescent National Societies around the world, the ICRC said in a statement on Wednesday 19 January. The attack targeted an external company in Switzerland the ICRC contracts to store data.
ICRC’s director-general Robert Mardini said this attack puts vulnerable people who are already in need of humanitarian aid at further risk.
“An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure. We are all appalled and perplexed that this humanitarian information would be targeted and compromised,” Mardini said.
The Red Cross has been forced to temporarily shut down its Restoring Family Links programme, which seeks to reunite family members separated by conflict, disaster or migration. The ICRC said it is working to identify workarounds to continue this work.
“While we don’t know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them,” Mardini said. “Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data.”
Mardini said that the ICRC is working to understand the scope of the attack and take measures to safeguard its data in the future. He added that the Red Cross reunites an average of 12 missing people a day with their families and “cyberattacks like this jeopardise that essential work”.
CEO of internet security company SonicWall Bill Conner commented on the attack, saying the risk of cyberattacks affects “virtually every kind of enterprise”.
“Companies should start with the presumption that they will be attacked and have a comprehensive incident response plan in place. An incident response plan should include a consumer notification process especially when sensitive data such as social security numbers and financial information is corrupted.”
Conner said regulation or industry standards should be put in place to protect consumers and relevant stakeholders from material damage and to help ensure transparency.
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.
The post Red Cross cyberattack exposes data of 515,000 ‘highly vulnerable people’ appeared first on Silicon Republic.