Cyberattack on the most vulnerable

News • 24.01.2022

On 18 January 2022, the ICRC detected a cyberattack on the system of the International Red Cross and Red Crescent Movement. It affected the Restoring Family Links network, which forms the basis for international cooperation to reunite people who are separated due to war, violence, migration and other causes. The SRC strongly condemns the cyberattack and is extremely concerned for the safety of those affected.

SRC data are also affected

The Swiss Red Cross is one of around 60 national Red Cross and Red Crescent societies that have entered data in the ICRC's Restoring Family Links network. The SRC data concerned are private information from around 18,000 vulnerable people who have asked the SRC Tracing Service for help in recent years or who have been sought via the Tracing Service.

The database also contains largely publicly available information from around 1,200 Swiss partner organizations who have supported our searches in the past. The Swiss Red Cross has thus started to inform affected individuals and organizations quickly, directly and transparently about the theft of its data.

If you fear you may have been affected by the cyber attack and would like further information, you can find the latest updates here.

You can also contact our Tracing Service directly: tracing@redcross.ch, 058 400 43 80.

What are the consequences of the data theft?

The authors of the attack are unknown. To prevent further damage, the ICRC suspended access to the databases affected immediately. Furthermore, the ICRC has so far not identified any misuse or public use of these data.

The cyberattack also severely affects the work of our Tracing Service with those affected. In addition, collaboration within our network is scarcely possible. No data were deleted in the data breach, and our teams are working on setting up a temporary system to enable us to continue with our important work.

SRC systems not affected

The cyberattack is limited to the ICRC's Restoring Family Links network; the SRC's systems are not affected. Data from donors and other sensitive data such as living wills or data from the National Register of Healthcare Professionals are stored on SRC systems and are therefore not affected.

Digital space for humanitarian work must be protected

Various countries (including Switzerland) have entrusted the ICRC as an impartial humanitarian organization with certain tasks. These include gathering information on people reported missing to reunite separated family members. The Red Cross needs a safe, reliable digital humanitarian space. This attack has violated this space in every respect.

For further information

Media enquiries

Raymond Ruch, head of communication
raymond.ruch@redcross.ch
058 400 41 32

Q&A

On 18 January 2022, the ICRC detected a cyberattack on one of its databases. The database concerned is the basis for the work of our SRC Tracing Service. All information on search requests – both ongoing and completed – is saved in the database concerned.

The cyberattack is being investigated thoroughly by the ICRC. It stored and coordinated the international exchange of the data of more than 60 Red Cross and Red Crescent societies.

The authors of the cyberattack are unknown. To date, there is also no evidence that the stolen data have been published.

We need a range of information to support people in their search for missing relatives. Where were the relatives last seen? When did they last have contact with them? Every detail can help in the search. With the agreement of those affected, this information is shared in a targeted manner within the network – which increases the chances of finding the missing relatives. To provide this assistance, we often need to collect and save personal details.

The breach involved around 18000 datasets. The data concerned are personal details provided to us by those searching. These include sensitive data such as

  • full name,

  • contact details (e-mail address, telephone number, etc.),

  • names and other personal details of family members being looked for,

  • details on the circumstances of their disappearance, and

  • correspondence and documents for the search and establishing contact.

At present, the ICRC assumes that the data were copied and exported. To date, there is no evidence that they have been published or offered for sale. The ICRC teams monitor this incident carefully. The ICRC immediately suspended access to the databases worldwide as a protective measure.

The ICRC has been investigating the breach and evaluated the risks and impact as follows: www.icrc.org/en/document/icrc-cyber-attack-analysis

Together with the ICRC, we will assess the potential risks for those affected on an ongoing basis and, if necessary, take specific action in individual cases.

The Swiss authorities have been informed transparently and in full. The SRC remains in contact with them and is able draw on the proven cooperation.

The SRC takes data protection and information security very seriously. We secure our IT systems according to industry standards and, where needed, take all necessary measures to protect your data and minimize potential risks as far as possible.

Tell us if you notice anything unusual. Call us if you have questions or concerns. We’re here for you.

Preventive measures

  • If you receive a suspicious e-mail or text message, delete it immediately; do not forward it. The message may appear to be from a reputable source (e.g. the Red Cross).

  • Never reply to suspicious messages and do not enter personal information such as your username, password, ID number, medical information, etc.

  • If in doubt, contact us: tracing@redcross.ch / 058 400 43 80.

The intentions of the cybercriminals are as yet unknown. At present, it is assumed that the data were copied and exported. The consequences are currently limited to illegal access by unauthorized persons. Further consequences are currently still unclear.

When people are missing, their families and friends experience considerable fear and uncertainty. These cyberattacks to a large extent impede our ability to collaborate with our Red Cross and Red Crescent partners and provide families with answers as to where their relatives are. Every day, the Red Cross and Red Crescent Movement helps 12 people to restore contact with their relatives. This important work has been jeopardized by the cyberattack.

Other SRC IT systems are not affected by the cyberattack. This means that only data from the SRC Tracing Service are affected. Donor-related data and other sensitive data, such as living wills and registration details for healthcare professions are not affected. These data all run on separate IT systems, which are not affected by the cyberattack.

Share this page

This might also interest you