Red Cross cyberattack sees data of thousands at-risk people stolen

News
By
published

Another supply chain attack with grave consequences

Data Breach
Image Credit: Shutterstock (Image credit: Shutterstock)

A supply chain attack has resulted in the data of more than half a million “highly vulnerable people” stolen from Red Cross systems.

A contractor for the Swiss-based International Committee of the Red Cross (ICRC) fell victim to a cyberattack recently, with unknown malicious actors making away with sensitive data on more than 515,000 individuals.

And not just any individuals - people who got separated from their families through conflict, migration, or natural disasters, missing persons and their families, as well as people in detention.

Mystery attack

Initial reports are saying that this was not a ransomware attack, but we don't know if any endpoints were infected with malware, or if a malicious actor compromised the network via a stolen identity.

The data that was stolen came from at least 60 Red Cross and Red Crescent “national societies”, comprising of information on staff, volunteers, first respondents, as well as those affected by various tragedies.

"As a first step, we will work with most concerned ICRC delegations and Red Cross and Red Crescent societies on the ground to find ways to inform individuals and families whose data may have been compromised, what measures are being taken to protect their data and the risks they may possibly face," Red Cross spokesperson Elizabeth Shaw told CNN.

Biggest breach ever

The Red Cross also said it employed a “highly specialized” cybersecurity firm in response.

Speaking to CNN, Lukasz Olejnik, a former cyber warfare adviser at Red Cross headquarters in Geneva, said chances are this is “the biggest and most sensitive breach in the history of ICRC”. Considering the sensitiveness of the data, it could also be the greatest breach “of all humanitarian organizations to date.”

Who would want to target such a cohort, and to what end, is anyone’s guess. Most ransomware operators, for example, have recently announced they would refrain from targeting government institutions, key infrastructure firms, and healthcare institutions, after a counter-offensive by multiple law enforcement agencies, militaries, and intelligence agencies around the world, which took down some of the largest players. 

  • You might also want to check out our list of the best firewalls right now

Via: CNN

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A person's fingers type at a keyboard, with a digital security screen with a lock on it overlaid.
Blood donation firm reveals donor personal data stolen in cyberattack
ID theft
Over a million patients potentially hit after another US healthcare provider hit by cyberattack
Code Skull
Blood donation giant warns of issues following ransomware attack
Data leak
AWS customers hit by major cyberattack which then stored stolen credentials in plain sight
Data leak
Ransomware attackers leak stolen Rhode Island private info following hack
Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.
Thousands of Rhode Island citizens have data stolen after social services hit by cyberattack
Latest in Security
A graphic showing fleet tracking locations over a city.
Lost & Found tracking site hit by major data breach - over 800,000 could be affected
US President Donald Trump speaks to the press as he signs an executive order to create a US sovereign wealth fund, in the Oval Office of the White House on February 3, 2025, in Washington, DC.
US set to pause cyber-offensive operations against Russia - but CISA says it won't stop
Web DDoS attacks see major surge as AI allows more powerful attacks
Polish space agency says it was hit by a cyberattack
Illustration of a hooked email hovering over a mobile phone
AWS misconfigurations reportedly used to launch phishing attacks
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Microsoft Teams and other Windows tools hijacked to hack corporate networks
Latest in News
Google Gemini iPhone Lock Screen
You can now access Gemini from your iPhone's lock screen
Michelle, Keats, and Doctor Amherst looking unimpressed and worried in The Electric State
Netflix drops trailer for The Electric State, and I'm getting serious District 9 vibes
YouTube TV
YouTube TV might be planning a big Netflix update that puts the best streaming services first
Google Pixel 9 Pro
Here are the 7 best Pixel 9 and Pixel Watch 3 features landing in March’s Pixel Feature Drop
Bang & Olufsen Beogram 4000C Saint Laurent Rive Droite Edition
Bang & Olufsen's latest reworked turntable is a masterpiece of retro revival, in a breathtaking wooden presentation box
Apple Watch Series 10
Apple unveils new Apple Watch bands – here's what's in the Spring 2025 collection
More about security
A graphic showing fleet tracking locations over a city.

Lost & Found tracking site hit by major data breach - over 800,000 could be affected
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.

Microsoft Teams and other Windows tools hijacked to hack corporate networks
HTC Viverse

The company formerly known as HTC is doubling down on immersive worlds, AI, spatial computing and ... 6G?
See more latest
Most Popular
HTC Viverse
The company formerly known as HTC is doubling down on immersive worlds, AI, spatial computing and ... 6G?
A business woman looking at AI on a transparent screen
Businesses are facing an "AI Divide" - which could be the difference between success and failure
Google Gemini iPhone Lock Screen
You can now access Gemini from your iPhone's lock screen
Apple Vision Pro with Dassault Systèmes 3DEXPERIENCE platform
Dassault Systèmes teams up with Apple to use Vision Pro headsets to bring spatial CAD to life
Samsung 18.1-inch foldable OLED monitor
Samsung has launched a flexible portable monitor complete with a briefcase, one that seems to come straight from a James Bond movie
GenMachine Zhi mini pc
This is the smallest AMD PC I've ever seen: mysterious manufacturer uses Ryzen 3 APU with surprising results
Beelink ME Mini
One of our favorite mini PC vendors has launched a NAS that looks a bit like Apple's PowerMac G4 Cube PC - but way smaller
Michelle, Keats, and Doctor Amherst looking unimpressed and worried in The Electric State
Netflix drops trailer for The Electric State, and I'm getting serious District 9 vibes
YouTube TV
YouTube TV might be planning a big Netflix update that puts the best streaming services first
Maserati MC20 Autonomous
This AI-driven Maserati just hit 197.7mph without a human behind the wheel