The International Committee of the Red Cross said today that sometime this week it was hit with a cyberattack that compromised the data of 515,000 vulnerable people.

The data concerned came from at least 60 Red Cross and Red Crescent national securities around the globe, related to missing people and families, people separated by conflict, those affected by disasters and people currently in detention. The organization said the most pressing concern is that some of this information that was breached will be made publicly available.

It’s a particularly nasty attack given that soon after it happened, the ICRC had to take drastic action and shut down its support system, Restoring Family Links. This system helps people find relatives or loved ones who have been separated through conflicts, migration or disasters.

“An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure,” said Robert Mardini, ICRC’s director-general. “We are all appalled and perplexed that this humanitarian information would be targeted and compromised.”

The ICRC could confirm that this wasn’t a ransomware attack, and it’s still not certain if any of the data has appeared somewhere online. The attack is of note seeing that it’s the biggest the organization has faced and, according to one former cyberwarfare expert, arguably the biggest hack of any humanitarian organization.

Since no information seems to have appeared online and no payment has been asked for, it’s not clear why the attack happened. Mardini said he urges anyone involved in the attack to understand the sensitiveness of the data and refrain from exposing any of it.

“Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering,” he said. “The real people, the real families behind the information you now have are among the world’s least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data.”

Tim Wade, technical director of the CTO Team at Vectra AI Inc., a San Jose, California-based AI cybersecurity company, told SiliconANGLE that although some cybercriminal groups avoid organizations such as the Red Cross, not all of them do. “We’re increasingly seeing attacks that are just as much about disruption, fear, and discrediting opposing ideologies instead of making money,” he said. “Regardless of whether this was targeted or merely opportunistic, it’s clear that every organization faces some level of material cyberthreat today.”

Indeed, Hank Schless, senior manager of security solutions at Lookout Inc., a San Francisco-based endpoint-to-cloud security company, warned that nothing is off-limits to cybercriminals — including outside vendors used by an organization.

“If you’re going to integrate with a third party, even if it’s through a simple API to store data, it’s critical to go through a full security review with the solution provider,” he advised. “Doing so on a regular basis will help mitigate the risk of your data mistakenly being leaked from an environment that’s out of your control. It’s also important to be able to understand how data is moving in and out of your infrastructure — both through automated processes and manual employee actions.”

With reporting from Duncan Riley

Photo: Julien Flutto/Unsplash