The attack compromised personal data and confidential information on more than 515,000 highly vulnerable people, including those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention. The data originated from at least 60 Red Cross and Red Crescent National Societies around the world.
The ICRC's most pressing concern following this attack is the potential risks that come with this breach -- including confidential information being shared publicly -- for people that the Red Cross and Red Crescent network seeks to protect and assist, as well as their families. When people go missing, the anguish and uncertainty for their families and friends is intense.
"An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure. We are all appalled and perplexed that this humanitarian information would be targeted and compromised," said Robert Mardini, ICRC's director-general. "This cyber-attack puts vulnerable people, those already in need of humanitarian services, at further risk."
The ICRC has no immediate indications as to who carried out this cyber-attack, which targeted an external company in Switzerland the ICRC contracts to store data. There is not yet any indication that the compromised information has been leaked or shared publicly.
"While we don't know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them," said Mr Mardini.
"Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world's least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data."
The ICRC along with the wider Red Cross and Red Crescent network jointly runs a program called Restoring Family Links that seeks to reunite family members separated by conflict, disaster or migration. Because of the attack, we have been obliged to shut down the systems underpinning our Restoring Family Links work, affecting the Red Cross and Red Crescent Movement's ability to reunite separated family members. We are working as quickly as possible to identify workarounds to continue this vital work.
"Every day, the Red Cross Red Crescent Movement helps reunite on average 12 missing people with their families. That's a dozen joyful family reunifications every day. Cyber-attacks like this jeopardise that essential work," Mr Mardini said. "We are taking this breach extremely seriously.
We are working closely with our humanitarian partners worldwide to understand the scope of the attack and take the appropriate measures to safeguard our data in the future."
For more information, please contact:
Crystal Wells, ICRC Geneva, at cwells@icrc.org , or +41 79 642 80 56
Ewan Watson, ICRC Geneva, ewatson@icrc.org , or +41 79 244 64 70
Elizabeth Shaw, ICRC Washington, D.C., at egormanshaw@icrc.or g, or +1 202 361 1566
SHOTLIST:
00:00:00:00 - 00:00:07:03 This week, we at the International Committee of the Red Cross detected a sophisticated cyber security attack against our computer servers.
00:00:08:29 - 00:00:16:12 The attack compromised personal data and confidential information on more than 515,000 highly vulnerable people,
00:00:16:12 - 00:00:22:10 including those separated from their families due to conflict, migration and disaster;
00:00:22:10 - 00:00:25:14 missing persons and their families; and people in detention.
00:00:26:03 - 00:00:32:25 Our most pressing concern now is the potential risks for people that the Red Cross and Red Crescent network
00:00:32:28 - 00:00:34:26 seeks to protect and assist.
00:00:35:21 - 00:00:41:22 We have suspended all access to the compromised systems to mitigate the immediate impact of this attack.
00:00:41:25 - 00:00:46:20 And we are in the process of identifying other solutions with our humanitarian partners.
00:00:47:23 - 00:00:51:29 We are appalled that this humanitarian information has been compromised.
00:00:53:05 - 00:01:00:23 The Red Cross Red Crescent Movement helps reunite on average 12 missing people with their families each day
00:01:01:11 - 00:01:11:25 Those are families separated by conflict, disaster or migration. Attacks like this jeopardize that essential work.
00:01:12:04 - 00:01:15:08 They have real-world consequences.
00:01:16:14 - 00:01:19:13 We have been warning at ICRC for years now
00:01:19:19 - 00:01:22:18 of an increase in cyber-attacks on health-care facilities,
00:01:22:18 - 00:01:28:03 as well as our increasing concern about data protection in humanitarian situations.
00:01:28:03 - 00:01:31:27 Now an attack has directly targeted us.
00:01:33:03 - 00:01:35:10 We don’t know who carried out this cyber-attack.
00:01:35:10 - 00:01:42:03 And there is not yet any indication that the compromised information has been shared publicly.
00:01:42:13 - 00:01:45:28 But we are appealing to whomever is responsible:
00:01:46:10 - 00:01:56:26 The real people, the real families, behind the information you now have are among the world’s least powerful.
00:01:57:04 - 00:02:03:27 Please do the right thing. Do not share, sell, leak or otherwise use this data.
ENDS