
Cyber-attack targets international tracing data

Information for those affected

Notification pursuant to Art. 34 of the General Data Protection Regulation (GDPR)

On January 18, 2022, a cyber attack against a data centre service provider of the International Committee of the Red Cross (ICRC) was detected. In other words, someone outside the Red Cross accessed data stored for tracing service purposes and thus possibly your data.

This incident has been met with deep concern throughout the Red Cross and Red Crescent movement and also among us at the German Red Cross (GRC). We would like to assure you that, together with the ICRC, we are working intensively to clarify the incident as quickly as possible. In the following, we provide you with all the information we have gathered so far, so that together we can deal with this challenging situation in the best possible way.

  • What happened?

    As part of a targeted and highly professional cyber attack, over 515,000 people around the world had their personal data and confidential information breached. Among the people affected are families separated from each other, persons looking for a relative, missing persons and their family members and other persons receiving assistance from the Red Cross and Red Crescent Movement.

    Since the Tracing Service of the German Red Cross (GRC Tracing Service) also used the targeted digital systems in the course of its work and is thus affected by the security breach, we unfortunately have to assume that the personal data you transmitted to us could also have been accessed by the attackers. Further investigations are ongoing. However, we currently assume that this unauthorised access pertained primarily to very personal information in the following categories:

    • names, gender, dates of birth, places of birth, nationalities, ethnic affiliations of persons looking for a relative, but also such information on missing persons, contacts, senders and recipients of Red Cross messages,
    • residential and postal addresses, telephone numbers, e-mail addresses of persons looking for a relative, contact persons, senders and recipients of Red Cross messages, as well as last known contact data of this kind of missing persons,
    • information on the family relationship between the searching and missing persons, as well as between senders and recipients of Red Cross messages.

    If you shared this specific information with us as part of your request, then this data was entered by us into the affected digital systems.

    We also cannot rule out the possibility that photos of searching and missing persons have also been accessed without authorisation, provided you have given your consent to participate in Trace the Face / Trace the Face – Kids.

    We do not yet know with what intent this serious security breach was committed. The investigation of the incident so far suggests that the affected data has not been manipulated or deleted as a result of the attack. Furthermore, there are currently no indications that the stolen data has already been released to the public or made publicly accessible. However, all these issues are being further investigated and continuously monitored by specialised IT security experts.

  • What impact does the attack have?

    The GRC Tracing Service, together with the ICRC and 191 National Red Cross and Red Crescent Societies of other countries, provides assistance to people who have become separated from their loved ones due to armed conflicts, natural disasters, escape, displacement or migration. By working together, this International Restoring Family Links Network helps to trace loved ones, reconnect them and reunite families. The Red Cross and Red Crescent Movement helps reunite twelve missing people with their families every day. Cyber attacks like this one put this important work at risk.

    Protecting the information you and other people seeking assistance entrust to us in connection with international tracing is a top priority for us. That is why we follow specific rules of conduct when dealing with this very personal information and strive to always protect our digital systems from unauthorised access by third parties through state-of-the-art technology.

  • What steps are we now taking?

    Immediately after the attack was detected, the affected ICRC systems were shut down to prevent further unauthorised access to the data. A specialised IT security company was also commissioned to investigate the attack and help the ICRC to further secure its digital systems against similar attacks in the future.

    In addition, we at the GRC Tracing Service immediately took additional measures to secure our internal systems against unauthorised access. We use these systems, for example, to securely send sensitive information within the GRC Tracing Service, and they were not connected to the affected IT systems of the ICRC. To ensure that the GRC Tracing Service remains operational, we will be using a local database of the German Red Cross for the International Tracing Service until further notice. There we will be able to access the necessary information pertaining to your case until the recovery of the ICRC’s systems in a secure environment can be ensured.

    As the extent and impact of this attack are not conclusively known, we are continuing to investigate the incident and assess possible risks and consequences for different contexts and individuals. It is all the more difficult to assess the specific risks to you as we currently have no indication as to who is responsible for this attack and for what purpose the stolen data could be used.

  • What measures can you take?

    Despite the measures we have taken, it cannot be ruled out that you will become subject to fraud or identity theft, for example. We would therefore like to give you some advice on the steps you can take at this stage to limit the damage:

    • Beware of phishing attacks, i.e. the sending of fraudulent messages that appear to come from a reputable source or even a sender you know. Such messages may ask recipients to disclose personal information on a fake website or over the phone in order to commit criminal acts such as identity theft, gain unauthorised access to the recipient’s accounts, or install malware on the recipient’s computer or mobile phone.
    • Do not reply to suspicious messages and do not disclose any personal information in response to unsolicited e-mails you may receive. If in doubt, please contact your nearest GRC Tracing Service support centre to clarify whether we have requested this information from you.
    • If you receive a suspicious e-mail or text message claiming to be from the Red Cross or asking for your personal information, delete the message immediately and do not forward or share it. Make sure that the German Red Cross logo is genuine.
    • Provided you are in contact with them, pass on this information to your relatives and contacts whose personal data you have shared with us in connection with your tracing request.
    • Notify your immediate circle that your data could be used unlawfully.

  • Where can you get more information?

    As soon as we receive up-to-date information regarding this incident’s origins that will allow for a more detailed risk assessment, we will immediately make it available for you on the GRC Tracing Service website at www.drk-suchdienst.de.

    Please visit the GRC Tracing Service website to follow the progress of our findings and to find out about further measures to be taken as a result of this security breach. All efforts will be made to provide helpful recommendations on how to protect yourself and your loved ones, based on the latest information available.

    If you have any particular concerns or worries in relation to this serious breach affecting the information you have provided, please do not hesitate to contact your nearest GRC Tracing Service support centre. Only then can we determine which further measures would be appropriate in your individual case to avert imminent risks. If you do not have them, you can find the relevant contact details here: https://www.drk-suchdienst.de/drk-suchdienst-in-ihrer-naehe/

    You can also contact the data protection officer of the GRC Tracing Service by e-mail at Datenschutz-Suchdienst(at)drk.de.

Our message to you

We want to assure you that we are here to help you through this difficult situation. We know that you have entrusted us with very personal information and details about sensitive events in your life. We do not take this responsibility lightly. We want you to know that together with the Red Cross and Red Crescent Movement, we are doing our utmost to provide the services that we offer around the world.

"We will work hard to maintain your trust so we can continue to serve you."

Robert Mardini, ICRC and Christian Reuter, GRC