Cyberattack on ICRC: Information for those affected

Video message and responses to possible questions about the cyberattack on the ICRC. Available in the following languages: German, French, Italian, English, Dari, Pashtu, Tigrinya, Amharic, Tamil, Arabic and Somali.

Information in English

Video message

Call center : 058 400 43 80

  • Monday, Tuesday, Thursday and Friday: 9.0012.30

  • Wednesday: 13.3016.30

Questions and answers

On 18 January 2022, the ICRC detected a cyberattack on one of its databases. The database concerned is the basis for the work of our SRC Tracing Service. All information on search requests – both ongoing and completed – is saved in the database concerned.

The cyberattack is being investigated thoroughly by the ICRC. It stored and coordinated the international exchange of the data of more than 60 Red Cross and Red Crescent societies.

The authors of the cyberattack are unknown. To date, there is also no evidence that the stolen data have been published.

We need a range of information to support people in their search for missing relatives. Where were the relatives last seen? When did they last have contact with them? Every detail can help in the search. With the agreement of those affected, this information is shared in a targeted manner within the network – which increases the chances of finding the missing relatives. To provide this assistance, we often need to collect and save personal details.

The breach involved around 18000 datasets. The data concerned are personal details provided to us by those searching. These include sensitive data such as

  • full name,

  • contact details (e-mail address, telephone number, etc.),

  • names and other personal details of family members being looked for,

  • details on the circumstances of their disappearance, and

  • correspondence and documents for the search and establishing contact.

At present, the ICRC assumes that the data were copied and exported. To date, there is no evidence that they have been published or offered for sale. The ICRC teams monitor this incident carefully. The ICRC immediately suspended access to the databases worldwide as a protective measure.

The ICRC has been investigating the breach and evaluated the risks and impact as follows: www.icrc.org/en/document/icrc-cyber-attack-analysis

Together with the ICRC, we will assess the potential risks for those affected on an ongoing basis and, if necessary, take specific action in individual cases.

The Swiss authorities have been informed transparently and in full. The SRC remains in contact with them and is able draw on the proven cooperation.

The SRC takes data protection and information security very seriously. We secure our IT systems according to industry standards and, where needed, take all necessary measures to protect your data and minimize potential risks as far as possible.

Tell us if you notice anything unusual. Call us if you have questions or concerns. We’re here for you.

Preventive measures

  • If you receive a suspicious e-mail or text message, delete it immediately; do not forward it. The message may appear to be from a reputable source (e.g. the Red Cross).

  • Never reply to suspicious messages and do not enter personal information such as your username, password, ID number, medical information, etc.

  • If in doubt, contact us: tracing@redcross.ch / 058 400 43 80.

The intentions of the cybercriminals are as yet unknown. At present, it is assumed that the data were copied and exported. The consequences are currently limited to illegal access by unauthorized persons. Further consequences are currently still unclear.

When people are missing, their families and friends experience considerable fear and uncertainty. These cyberattacks to a large extent impede our ability to collaborate with our Red Cross and Red Crescent partners and provide families with answers as to where their relatives are. Every day, the Red Cross and Red Crescent Movement helps 12 people to restore contact with their relatives. This important work has been jeopardized by the cyberattack.

Other SRC IT systems are not affected by the cyberattack. This means that only data from the SRC Tracing Service are affected. Donor-related data and other sensitive data, such as living wills and registration details for healthcare professions are not affected. These data all run on separate IT systems, which are not affected by the cyberattack.

سوال و جواب ها در مورد حمله سایبری به کم یت ه ب ینالمللی صلیب سر خ

دری

اطلاعات به زبان دری

Callcenter:
058 400 43 80

  • Monday, Tuesday, Thursday and Friday: 9.0012.30

  • Wednesday: 13.3016.30

په ICRC د سایبري برید په اړه پوښتنه او ځواب

پښتو

معلومات په پښتو ژبه

Call center: 058 400 43 80

  • Monday, Tuesday, Thursday and Friday: 9.0012.30

  • Wednesday: 13.3016.30

ብዛዕባ እቲ ኣብ ICRC ብኢንተርነት እተፈጸመ መጥቃዕቲ

ብትግርኛ

-ሓበሬታ ብትግርኛ

Call center: 058 400 43 80

  • Monday, Tuesday, Thursday and Friday: 9.0012.30

  • Wednesday: 13.3016.30

IKRK በ (ዓለም ኣቀፍ የቀይ መስቀል ኮሚቴ) ላይ በደረሰው የሳይበር ጥቃት ላይ ያሉ ጥያቄዎች እና መልሶች

በኣማርኛ

ኣማርኛ

መረጃ በኣማርኛ

Call center: 058 400 43 80

  • Monday, Tuesday, Thursday and Friday: 9.0012.30

  • Wednesday: 13.3016.30

சர்வதேச செஞ்சிவைச் சங்கம் (ICRC) மீதான சைபர் தாக்குதல் தொடர்பான கேள்வி பதில்

தமிழ்

தமிழில்
தகவல்

Call center: 058 400 43 80

  • Monday, Tuesday, Thursday and Friday: 9.0012.30

  • Wednesday: 13.3016.30

أسئلة وأجوبة عن الهجوم الإلكتروني على اللجنة الدولية للصليب الأحمر

عربى

معلومات باللغة العربية

Call center: 058 400 43 80

  • Monday, Tuesday, Thursday and Friday: 9.0012.30

  • Wednesday: 13.3016.30

Su'aalo iyo jawaabo ku saabsan weerarkii dhanka internetka ee ICRC-da lala beegsadey.

Soomaali

Warbixin af-soomaali ah

Call center: 058 400 43 80

  • Monday, Tuesday, Thursday and Friday: 9.0012.30

  • Wednesday: 13.3016.30

Share this page

This might also interest you