The serious cyber attack reported by the International Committee of the Red Cross (ICRC) in Geneva yesterday evening, 19 January, also affects the International Tracing Service of the German Red Cross (GRC) along with around 60 other Red Cross and Red Crescent Societies. “This incident and the extent of the cyber attack known so far are frightening and must be condemned in the strongest possible terms. The attack affects the data of over 515,000 people worldwide in connection with the important humanitarian work of the International Tracing Service of the Red Cross. Those affected include, in particular, people missing as a result of conflict, migration or disasters, their families and people in detention. The top priority now must therefore be to provide the best possible protection for the people behind the data, who are already highly vulnerable and now face additional risks and suffering. I would like to join the urgent appeal of ICRC Director General Robert Mardini to the hackers not to publish, distribute or sell the data,” says GRC Secretary General Christian Reuter.
The GRC, together with the ICRC and other affected Red Cross and Red Crescent societies, data protection and IT experts are currently investigating the incident under high pressure in order to take the right further necessary steps. “Many details of the cyber attack are still unclear, including the motives behind it and who is responsible. We are dealing with global data from people seeking assistance. The investigation currently taking place is a highly sensitive matter. We will proceed with the greatest possible care and responsibility towards the people who have entrusted themselves to us in search of support in their time of need,” emphasises Reuter.
Through a targeted attack on the ICRC’s IT infrastructure, hackers managed to gain access to the International Tracing Service database, which is located on servers of an external provider in Switzerland. Evidence suggests that stored personal data of people seeking assistance and access data of International Tracing Service staff in various countries may have been extracted from this environment. The nature of this data needs to be further determined as part of the ongoing investigation. The security vulnerability was discovered on 18 January. As a result, the affected systems were shut down until further notice to prevent access to them. According to current knowledge, the data has not yet been published by the hackers.
The International Red Cross and Red Crescent Movement is the largest humanitarian organisation in the world with national societies in 192 countries.