A massive hack of the International Committee of the Red Cross has compromised information from employees, refugees, detainees, migrants, and family members of all those groups, and the culprit remains unknown.
Information on some 515,000 “highly vulnerable” individuals has been stolen the Red Cross revealed on Wednesday in a statement posted to its website. The data was apparently stolen from a third-party Swiss contractor with whom the ICRC stored it, and there is no indication that it has yet been leaked or otherwise shared publicly.
The ICRC has urged the hackers not to publish any of the information, which originated from at least 60 Red Cross and Red Crescent societies worldwide.
Writing that “an attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure,” the organization urged the hackers to “please do the right thing. Do not share, sell, leak or otherwise use this data.”
“This cyber-attack puts vulnerable people, those already in need of humanitarian services, at further risk,” ICRC director-general Robert Mardini wrote. “We are all appalled and perplexed that this humanitarian information would be targeted and compromised.”
The stolen data includes names, locations, contact information, and credentials used in accessing organizational programs. Login information for some 2,000 staffers and volunteers working for the Red Cross was also stolen.
The entirety of a program called Restoring Family Links, which connects family members who are separated by warfare or natural disasters, has been shut down due to the disruption caused by the hack.