The Geneva-based International Committee of the Red Cross (ICRC) has been the victim of a “sophisticated cyber-attack”. Servers hosting the personal and confidential data of more than 515,000 extremely vulnerable people have been compromised.
The humanitarian organisation said on Wednesday that the breach by unknown intruders this week affected the data of hundreds of thousands of people “including those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention”.
It said the information originated from at least 60 Red Cross and Red Crescent Societies around the world.
The most pressing concern for the Swiss-run organisation is the “potential risks that come with this breach – including confidential information being shared publicly – for people whom the Red Cross and Red Crescent network seeks to protect and assist, as well as their families”.
The ICRC said the breach targeted an external company in Switzerland that stores data for the humanitarian organisation, and there was no indication the information had been publicly shared or leaked.
"We are all appalled and perplexed that this humanitarian information would be targeted and compromised,” Robert Mardini, the ICRC's director-general, said in a statementExternal link.
Mardini issued an appeal to the people behind the hack to “do the right thing. Do not share, sell, leak or otherwise use this data”.
As a result of the breach the Red Cross has been forced to shut down systems around its “Restoring Family Links” programme, which helps to reunite family members separated by conflict, disaster or migration.
“We are working as quickly as possible to identify workarounds to continue this vital work,” Mardini said.
In compliance with the JTI standards