The hack has forced the Red Cross to shut down IT systems that support a program that reunites families separated by conflict, migration or disaster, the humanitarian organization said.
It’s unclear who was responsible for the cyber incident, but the Red Cross said its “most pressing concern” was the potential for the compromised data to be leaked. There is no indication that has happened yet, according to the Red Cross.
“We are all appalled and perplexed that this humanitarian information would be targeted and compromised,” ICRC Director-General Robert Mardini said in a statement.
The hack hit a Switzerland-based firm that the Red Cross pays to store its data, the humanitarian organization said without naming the firm. The compromised data came from at least 60 of the “national societies,” or networks of volunteers and staff, around the world that the Red Cross uses as first responders to disasters.
“It seems to be the biggest and most sensitive breach in history of ICRC and, probably, considering the sensitiveness, of all humanitarian organizations to date,” said Lukasz Olejnik, a former cyber warfare adviser at Red Cross headquarters in Geneva.
The Red Cross should consider asking governments that are party to the Geneva Conventions for help in recovering from the hack, Olejnik, who is an independent cybersecurity consultant, told CNN.
