Reading Time: 2 minutes

Database of Australian International Committee of Red Cross suffers from a “major” cyberattack on its database of ICRC. 

The database held information of more than 500,000 clients worldwide who had requested services for their missing families due to disease, immigration, or overseas conflict. Red Cross offers these services under the program called RFL or ‘Restoring Family Links.’

According to an official statement from the Australian Red Cross, personal details and related documents of clients “may have been put into the database” that has been breached.

According to the advisory by the Australian Red Cross:

“This is a standard internal process to ensure that information is kept in one place, and we can communicate with our partners in other countries when trying to find a missing loved one.”

According to the Australian Red Cross, the information in the database includes:

  • Name
  • Contact information
  • Information about missing family
  • Name or contact information of relatives
  • Documents provided by clients to Red Cross (identity documents, photos, Attestation forms from ICRC, etc.).

Australian Red Cross said that they had “no indication” that the information had been deleted, misused, or leaked. However, “hackers were inside the system and had the ability to copy and export information.”

What’s more concerning is that after the cyber attack, the Australian Red Cross could not access the database to confirm the extent of the exposure. “We are not currently able to access any case information or work on any cases,’ said the local officials.

“The IRC is not in the process of identifying short-term solutions to enable Red Cross and Red Crescent teams worldwide to continue providing humanitarian services for the people impacted by this accident.”

The cybercriminals targeted a third-party Switzerland-based data storage provider that was contracted by the IRC. It held information from “at least 60 Red Cross and Red Crescent National Societies across the world,” said IRC in a statement.

Robert Mardini, IRC’s director-general urged the attackers not to leak any personal data of clients.

“Your actions could potentially cause yet more harm and pain to those who already endured untold suffering. The real people, the real families behind the information you now have are among the world’s least powerful.
Please do the right thing. Do not share, sell, leak, or otherwise use this data.”

Mardini said that the IRC is taking this data breach very seriously and is working closely with global partners to define the scope of the cyber attack and appropriate measures for safeguarding data against such threats in the future.

IRC has shut down its computer systems, halting their work. There is no news about the threat actors behind the attack or leakage of the compromised information. However, data breaches like these end up in ransomware.