The Red Cross on Wednesday pleaded with the threat actors behind a cyberattack that stole the personal data of about 515,000 people who used a program that works to reunite family members separated by conflict, disaster, or migration.
“While we don’t know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them,” Robert Mardini, the director-general of the International Committee for the Red Cross, said in a release. “Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data.”
Wednesday’s release said the personal data was obtained through the hack of a Switzerland-based subcontractor that stores data for the Red Cross. The data was compiled by at least 60 different Red Cross and Red Crescent National Societies worldwide. The ICRC said it has no “immediate indications as to who carried out this cyber-attack” and is so far unaware of any of the compromised information being leaked or shared publicly.
Those affected had used Restore Family Links, a service the Red Cross operates in cooperation with the Red Crescent to reunite families. On Wednesday, the site was down. The Internet Archive last updated it on December 27, raising the possibility of the breach occurring a few weeks ago.
The release provided few details about the attack. It’s not clear if it was done by profit-motivated ransomware criminals, nation-state hackers, or others. Over the past few years, a rash of ransomware breaches has hit health care providers, forcing them in many cases to reroute ambulances and cancel elective surgeries. In 2020, the ICRC helped lead a coalition that called on nations around the world to crack down on cyberattacks involving hospitals and health care providers.
Last September, the ICRC confirmed it was on the receiving end of a hack the previous April that compromised login credentials and other data that could be used to target agencies within the intergovernmental organization. The earliest known date the hackers obtained access to the UN’s systems, Bloomberg News reported, was April 5, and the hackers remained active through at least August. The breach came to light when private researchers noticed login credentials for sale on the dark web.