Hack of Red Cross exposes data on over 500,000 vulnerable people

The Geneva-based ICRC said the breach targeted an external company in Switzerland that stores data for the humanitarian organisation. Keystone / Laurent Gillieron

The Geneva-based International Committee of the Red Cross (ICRC) has been the victim of a “sophisticated cyber-attack”. Servers hosting the personal and confidential data of more than 515,000 extremely vulnerable people have been compromised.

This content was published on January 20, 2022 - 09:23

The humanitarian organisation said on Wednesday that the breach by unknown intruders this week affected the data of hundreds of thousands of people “including those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention”.

It said the information originated from at least 60 Red Cross and Red Crescent Societies around the world.

The most pressing concern for the Swiss-run organisation is the “potential risks that come with this breach – including confidential information being shared publicly – for people whom the Red Cross and Red Crescent network seeks to protect and assist, as well as their families”.

The ICRC said the breach targeted an external company in Switzerland that stores data for the humanitarian organisation, and there was no indication the information had been publicly shared or leaked.

"We are all appalled and perplexed that this humanitarian information would be targeted and compromised,” Robert Mardini, the ICRC's director-general, said in a statementExternal link.

Mardini issued an appeal to the people behind the hack to “do the right thing. Do not share, sell, leak or otherwise use this data”.

As a result of the breach the Red Cross has been forced to shut down systems around its “Restoring Family Links” programme, which helps to reunite family members separated by conflict, disaster or migration.

“We are working as quickly as possible to identify workarounds to continue this vital work,” Mardini said.

In compliance with the JTI standards

In compliance with the JTI standards

More: SWI certified by the Journalism Trust Initiative

You can find an overview of ongoing debates with our journalists here. Please join us!

If you want to start a conversation about a topic raised in this article or want to report factual errors, email us at

Change your password

Do you really want to delete your profile?

Your subscription could not be saved. Please try again.
Almost finished... We need to confirm your email address. To complete the subscription process, please click the link in the email we just sent you.

Discover our weekly must-reads for free!

Sign up to get our top stories straight into your mailbox.

The SBC Privacy Policy provides additional information on how your data is processed.