GENEVA — Hackers broke into computer servers hosting data belonging to the International Committee of the Red Cross and gained access to confidential information on more than half a million “highly vulnerable people,” the ICRC said on Wednesday.
The data breach compromised at least 60 Red Cross and Red Crescent National Societies around the world. It affects 515,000 people who have been “separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention,” ICRC officials said.
That has left the international organization scrambling to address the potential risks, primarily the public release of that data which could compromise people’s safety.
“An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure. We are all appalled and perplexed that this humanitarian information would be targeted and compromised,” said Robert Mardini, ICRC’s director-general. “This cyber attack puts vulnerable people, those already in need of humanitarian services, at further risk.”
The international organization was founded in 1863 to help war victims, but it also looks after political prisoners and victims of natural disasters. As an impartial, neutral and independent organization, it main purpose is to uphold international humanitarian law as the guardian of the Geneva Conventions, which govern the rules of war and military occupation. They are basic legal principles for maintaining a balance between military and humanitarian needs.
Because of the breach to its computer servers, the organization had to shut down a program, Restoring Family Links, that aims to reunite families separate by conflict, disaster or migration.
We are appalled that this humanitarian information has been compromised.
Our most pressing concern now is the potential risks for people that the Red Cross and Red Crescent network seeks to protect and assist.@RMardiniICRC's response to the cyber attack 👇 pic.twitter.com/lBBGlnMf1p
— ICRC (@ICRC) January 20, 2022
An appeal to the hackers
ICRC said the hackers targeted its computer servers that are hosted by a Swiss contractor, and there was no indication who carried out the cyber attack or that the data has been leaked or shared publicly. Mardini appealed to the perpetrators to not share, sell, leak or otherwise use the data. “Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering,” he said.
The Office of the U.N. High Commissioner for Human Rights, which carries out high-profile, sensitive investigations into suspected abuses of human rights, suffered a sophisticated cyber attack on its computers in 2019. It assured the public, however, that none of its sensitive data or confidential information were accessed.
OHCHR said hackers accessed a “self-contained” part of the system called the Active User Directory, which contains the user IDs for staff and devices.
That attack reportedly was part of a sophisticated hack of dozens of U.N. computer server networks in Geneva and Vienna. A report from the U.N. Office of Information and Communications Technology, or OICT, said the attack caused 42 servers to be “compromised,” including three used by OHCHR, and two used by the U.N. Economic Commission for Europe, or UNECE, while another 25 were in “suspicious” condition.