War victims’ details stolen in hack on Red Cross

Hackers targeting the International Red Cross (ICRC) have stolen the personal details of more than half a million “highly vulnerable” people.

The humanitarian organisation, which works with victims of war, the missing and detainees around the world, said it had been the victim of a “sophisticated cyber-attack”.

It is unclear who carried out the attack.

But the ICRC pleaded with whoever had taken the data not to leak or share it.

It said confidential information about 515,000 people – many of them vulnerable victims of war – had been taken. The data came from more than 60 Red Cross and Red Crescent national societies around the world.

The Geneva-based body said the hackers had targeted an external company in Switzerland that the ICRC used to store data.

There is no sign the data has yet been leaked, but the ICRC has had to shut down the system it uses to reunite families separated by war.

ICRC Director-General, Robert Mardini, said the hack put vulnerable people at greater risk.

“An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure,” Mr Mardini said.

“We are all appalled and perplexed that this humanitarian information would be targeted and compromised.”

And he called on those responsible to “do the right thing – do not share, sell, leak or otherwise use this data”.

A cyber-crime group known as REvil took meticulous care when picking the timing for its most recent attack – US Independence Day, July 4.

They knew many IT specialists and cyber-security experts would be on leave, enjoying a long weekend off work.

Before long, more than 1,000 companies in the US, and at least 17 other countries, were under attack from hackers.

Many firms were forced into a costly downtime period as a result.

Among those targeted during the incident was a well-known software provider, Kaseya.

REvil used Kaseya as a conduit to spread its ransom ware – a malware that can scramble and steal an organisation’s computer data – through other corporate and cloud-based networks that use the software.

REvil took credit for the incident and claimed to have encrypted more than one million systems. -BBC

Show More
Back to top button