Cybercriminals Launch an Attack on Red Cross Organization and Capture Data of Over 500,000 Vulnerable People

Threat actors can and will hunt down anyone, including vulnerable people who can’t defend or protect themselves, like missing persons and abandoned children. That’s because the Red Cross organization has recently suffered a security breach that led to a data leak – the victims are individuals in need of some form of social protection.

This event only shows that even a notorious organization known for its philanthropic actions across the world isn’t safe from being the target of a cyber-attack.

Compromised Sensitive Data at Red Cross

The International Committee of the Red Cross (ICRC) announced it was the target of a cyber-attack that resulted in a data breach that exposed personal data of over 500,000 people. These are worldwide vulnerable people who have been receiving assistance and humanitarian support from the organization.

The specific target was the Red Crescent Movement’s Restoring Family Links services. The Link services is a sub-division that makes great efforts to reconnect missing people and children with their families after tragic events like wars or natural disasters and offers support on various social issues.

Vulnerable people impacted by the Red Cross breach include:

      • People separated from their families due to conflict, migration, and disaster
      • Missing persons and their families
      • People in detention

Stolen personal information entails names, contact information, and locations.

Additionally, attackers stole credentials such as the login information for about 2,000 Red Cross and Red Crescent staff, volunteers, and respondents.

Twitter, details of Red Cross data breach

No Signs of a Ransomware Attack

The company mentioned it decided to keep the affected servers offline to analyze the severity of the attack and perform an independent audit. Red Cross representatives also argued they don’t know who’s behind the attack; so far, no ransom was requested, and there are no signs the captured data is on sale on the black market or any dark web forums. Although a good sign, it’s no guarantee it won’t happen in the future.

The organization stated its concern that all the captured sensitive data could be “used by States, non-state groups, or individuals to contact or find people to cause harm.” The end goal of this attack might not be a financial gain but simply the desire to create disruption or instill anxiety and fear.

In a public statement, Robert Mardini, the Director-General of the International Committee of the Red Cross, begged the attackers to do the right thing and not make bad use of the stolen personal data:

The real people, the real families behind the information you now have, are among the world’s least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data…Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering.

Anyone is a Target These Days

There was a time when cyber-attackers were only after big, famous companies and bad actors were even deliberately keeping charitable and philanthropic foundations away from their fraudulent schemes. Those days are certainly gone. Cybercriminals seem to have no limit, as they’ve even exploited the current pandemic and unleashed attacks on worldwide hospitals and healthcare facilities and staged charity scams too.

So far, there’s no data on whether Red Cross systems were vulnerable or not properly secured. Even if they had tight security measures, the current cybersecurity scene shows that any company or organization is bound to suffer some form of cyber-attack despite strong cybersecurity practices. Big or small, it’s not a matter of “if”, but “when.”

That’s why anyone needs to constantly upgrade their online security habits and stay up to date with the latest trends in this sector.

Find out more details on how to defend yourself and avoid:

Plus, a VPN is always a handy tool and a friend in need, keeping your online data private and away from snooping eyes.

What security practices do you enforce to stay away from online threats?

Let me know in the comments section below.

Leave a comment

Write a comment

Your email address will not be published. Required fields are marked*