The British Red Cross has been forced to suspend its international family tracing work after being affected by a major cyber attack against one of its global partner organisations.
The International Committee of the Red Cross, the Geneva-based humanitarian organisation that works with the BRC and its equivalent Red Cross and Red Crescent societies around the world, said it had this week detected a “sophisticated cyber security attack” against its servers that had compromised sensitive information of more than 500,000 vulnerable people.
“The attack compromised personal data and confidential information on more than 515,000 highly vulnerable people, including those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention,” the ICRC said in a statement.
The attack has forced the ICRC to suspend its Restoring Family Links scheme, which works with individual Red Cross and Red Crescent organisations across the world to reunite family members separated by conflict, disaster or migration.
The ICRC said it had no immediate indication as to who carried out the attack, which targeted an external company in Switzerland that the organisation contracts to store data.
There has not yet been any indication that the compromised information had been leaked or shared publicly, the ICRC said, which was its most pressing concern.
It said the affected information originated from at least 60 Red Cross and Red Crescent national societies around the world.
Robert Mardini, director-general of the ICRC, said: “We are all appalled and perplexed that this humanitarian information would be targeted and compromised. This cyber attack puts vulnerable people, those already in need of humanitarian services, at further risk.”
The BRC said in a statement that it was taking the breach extremely seriously and was investigating how the attack had affected its international family tracing operations, which have been put on hold.
“We are appalled and extremely concerned that this sensitive humanitarian data would be targeted and compromised in this way,” the BRC said.
“An attack on the data of people who are missing makes the anguish and suffering of their families even more difficult to endure.
“We are working closely with our humanitarian partners worldwide to understand the scope of the attack and take the appropriate measures to safeguard our data now and in the future,” it said.
Mardini also said: “Every day, the Red Cross Red Crescent movement helps reunite, on average, 12 missing people with their families. Cyber attacks like this jeopardise that essential work.”