Red Cross implores Hackers Not to Leak Data for 515k “Highly Vulnerable People”


Thread author
Staff member
Malware Hunter
Jul 27, 2015
The Red Cross on Wednesday pleaded with the threat actors behind a cyberattack that stole the personal data of about 515,000 people who used a program that works to reunite family members separated by conflict, disaster or migration.

"While we don't know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them," Robert Mardini, the director-general of the International Committee for the Red Cross, said in a release. “Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world's least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data." Wednesday’s release said the personal data was obtained through the hack of a Switzerland-based subcontractor that stores data for the Red Cross. The data was compiled by at least 60 different Red Cross and Red Crescent National Societies worldwide. The ICRC said it has no "immediate indications as to who carried out this cyber-attack" and is so far unaware of any of the compromised information being leaked or shared publicly.

Those affected had used Restore Family Links, a service the Red Cross operates in cooperation with the Red Crescent to reunite families. On Wednesday, the site was down. The Internet Archive last updated it on December 27, raising the possibility of the breach occurring a few weeks ago.


Level 27
Top poster
Sep 13, 2018
Well, I'll be the "bad guy" here but it seems the Red Cross needs to urgently review its security practices--esp. since there was another hack on it a year ago (from article).

1. How was the data stolen in the first place? Vet your contractors in advance!
2. If the Red Cross doesn't want the data leaked, it might have to pay for that. Nothing is really "free" or "sacred" any more.

I read most of the comments following the article--the various potential uses of that data by crooks are terrible.