Days after the cyber-attack, Red Cross has now come up with an official update about the data breach. The hackers directly targeted ICRCs’ servers, without affecting the third-party hosting. It remains unclear how the hackers intend to exploit the accessed/stolen data.
Red Cross Data Breach Updates
Elaborating on the details in an update, Red Cross officials shared that the data breach happened due to a direct attack on their servers.
This was a targeted, direct cyber-attack on ICRC servers, not the company that hosted them. We manage the data and applications on these servers, not the hosting company.
The organization noticed the attack after its “cyber partners” detected anomalous activities on its servers. Investigating the matter made ICRC realize the severity of the data breach.
Following the attack, ICRC had to pull the affected servers offline which disrupted their operations – something they stated in their initial disclosure as well.
The attack also affected the login details of 2000 ICRC employees working on these programs.
Alongside investigations and remedial measures, Red Cross is also making efforts to inform the affected persons of the data breach.
However, the organization is yet to ascertain the identity of the attackers. Neither the firm has identified them yet, nor have they heard from the attackers. No ransom demand has arisen either in this regard.
Nonetheless, Red Cross intends to communicate with and convince the attackers to abandon any malicious plans for the stolen data.
In line with our standing practice to engage with any actor who can facilitate or impede our humanitarian work, we are willing to communicate directly and confidentially with whoever may be responsible for this operation to impress upon them the need to respect our humanitarian action.
While the attack happened some days ago, no evidence of data leak, abuse, or exploit has yet emerged.