Large-scale cyberattack halts Red Cross work reuniting families, exposes confidential data

The sensitive and confidential data for more than 500,000 individuals helped by the organization was exposed.
The entrance of the International Red Cross and Red Crescent Museum, as seen during a press preview of the new permanent exhibition in May 2013. (FABRICE COFFRINI/AFP via Getty Images)

A cyberattack compromised personal and confidential data on more than half a million people helped by at least 60 Red Cross and Red Crescent organizations around the world, the International Committee of the Red Cross announced Wednesday.

The organization said the exposed information belonged to highly vulnerable groups, including families separated by conflict.

“An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure. We are all appalled and perplexed that this humanitarian information would be targeted and compromised,” said Robert Mardini, ICRC’s director general. “This cyber-attack puts vulnerable people, those already in need of humanitarian services, at further risk.”

The hack compromised personal data including names, location and contact information of 515,000 individuals served by the group, including children and detainees. Login information for roughly Red Cross and Red Crescent staff and volunteers was also compromised.


ICRC clarified in a statement Jan. 21 that the attack was specifically targeted at its servers, not the Swiss company hosting them. No suspects have been identified yet.

International human rights organizations and nonprofits are popular targets for attackers. The United Nations confirmed in September it was hit earlier in the year by attackers that breached its infrastructure and accessed. The Red Cross has been a strong voice in calling for an end to cyberattacks against health care facilities.

Mardini urged those responsible for the attack to “do the right thing” and “not share, sell, leak or otherwise use this data.” There is currently no indication the data has been shared online.

As a result of the attack, the ICRC temporarily shut down its “Restoring Family Links” program, which helps reunite families separated by conflict, disaster, or migrations. IRIC is “working as quickly as possible to identify workarounds to continue this vital work,” according to a news release.

Updated 1/21/2022: Updated with additional information about the attack.

Tonya Riley

Written by Tonya Riley

Tonya Riley covers privacy, surveillance and cryptocurrency for CyberScoop News. She previously wrote the Cybersecurity 202 newsletter for The Washington Post and before that worked as a fellow at Mother Jones magazine. Her work has appeared in Wired, CNBC, Esquire and other outlets. She received a BA in history from Brown University. You can reach Tonya with sensitive tips on Signal at 202-643-0931. PR pitches to Signal will be ignored and should be sent via email.

Latest Podcasts