Question 1

In brief: what happened?

Accepted Answer

On 18 January 2022, the ICRC detected a cyberattack on one of its databases. The database concerned is the basis for the work of our SRC Tracing Service. All information on search requests – both ongoing and completed – is saved in the database concerned.  The cyberattack is being investigated thoroughly by the ICRC. It stored and coordinated the international exchange of the data of more than 60 Red Cross and Red Crescent societies. The authors of the cyberattack are unknown. To date, there is also no evidence that the stolen data have been published.

Question 2

Why do we save these personal data?

Accepted Answer

We need a range of information to support people in their search for missing relatives. Where were the relatives last seen? When did they last have contact with them? Every detail can help in the search. With the agreement of those affected, this information is shared in a targeted manner within the network – which increases the chances of finding the missing relatives. To provide this assistance, we often need to collect and save personal details.

Question 3

How much data does this cyberattack involve?

Accepted Answer

The breach involved around 18’000 datasets. The data concerned are personal details provided to us by those searching. These include sensitive data such as full name, contact details (e-mail address, telephone number, etc.), names and other personal details of family members being looked for, details on the circumstances of their disappearance, and correspondence and documents for the search and establishing contact.

Question 4

What did the cybercriminals do with the data?

Accepted Answer

At present, the ICRC assumes that the data were copied and exported. To date, there is no evidence that they have been published or offered for sale. The ICRC teams monitor this incident carefully. The ICRC immediately suspended access to the databases worldwide as a protective measure.

Question 5

What is the ICRC doing?

Accepted Answer

The ICRC has been investigating the breach and evaluated the risks and impact as follows: www.icrc.org/en/document/icrc-cyber-attack-analysis

Question 6

What is the SRC doing?

Accepted Answer

Together with the ICRC, we will assess the potential risks for those affected on an ongoing basis and, if necessary, take specific action in individual cases.  The Swiss authorities have been informed transparently and in full. The SRC remains in contact with them and is able draw on the proven cooperation.  The SRC takes data protection and information security very seriously. We secure our IT systems according to industry standards and, where needed, take all necessary measures to protect your data and minimize potential risks as far as possible.

Question 7

What can those who are affected do?

Accepted Answer

Tell us if you notice anything unusual. Call us if you have questions or concerns. We’re here for you.  Preventive measures  If you receive a suspicious e-mail or text message, delete it immediately; do not forward it. The message may appear to be from a reputable source (e.g. the Red Cross).  Never reply to suspicious messages and do not enter personal information such as your username, password, ID number, medical information, etc.  If in doubt, contact us: tracing@redcross.ch / 058 400 43 80.

Question 8

What are the consequences of the cyberattack?

Accepted Answer

The intentions of the cybercriminals are as yet unknown. At present, it is assumed that the data were copied and exported. The consequences are currently limited to illegal access by unauthorized persons. Further consequences are currently still unclear. When people are missing, their families and friends experience considerable fear and uncertainty. These cyberattacks to a large extent impede our ability to collaborate with our Red Cross and Red Crescent partners and provide families with answers as to where their relatives are. Every day, the Red Cross and Red Crescent Movement helps 12 people to restore contact with their relatives. This important work has been jeopardized by the cyberattack.

Question 9

Are other SRC data affected?

Accepted Answer

Other SRC IT systems are not affected by the cyberattack. This means that only data from the SRC Tracing Service are affected. Donor-related data and other sensitive data, such as living wills and registration details for healthcare professions are not affected. These data all run on separate IT systems, which are not affected by the cyberattack.

Find out what your cantonal association offers

Cyberattack on the most vulnerable

SRC data are also affected

What are the consequences of the data theft?

SRC systems not affected

Digital space for humanitarian work must be protected

For further information

Media enquiries

Q&A

Any questions?

Share this page

This might also interest you

Searching for missing persons

Find out what your cantonal association offers

Cyberattack on the most vulnerable

SRC data are also affected

What are the consequences of the data theft?

SRC systems not affected

Digital space for humanitarian work must be protected

For further information

Media enquiries

Q&A

In brief: what happened?button-add

Why do we save these personal data?button-add

How much data does this cyberattack involve?button-add

What did the cybercriminals do with the data?button-add

What is the ICRC doing?button-add

What is the SRC doing?button-add

What can those who are affected do?button-add

What are the consequences of the cyberattack?button-add

Are other SRC data affected?button-add

Any questions?

Share this page

This might also interest you

Searching for missing persons