Red Cross Implores Hackers Not to Leak Data for 515k "Highly Vulnerable People"

upnorth

The Red Cross on Wednesday pleaded with the threat actors behind a cyberattack that stole the personal data of about 515,000 people who used a program that works to reunite family members separated by conflict, disaster or migration.

"While we don't know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them," Robert Mardini, the director-general of the International Committee for the Red Cross, said in a release. "Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world's least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data."

Wednesday's release said the personal data was obtained through the hack of a Switzerland-based subcontractor that stores data for the Red Cross. The data was compiled by at least 60 different Red Cross and Red Crescent National Societies worldwide. The ICRC said it has no "immediate indications as to who carried out this cyber-attack" and is so far unaware of any of the compromised information being leaked or shared publicly.

Those affected had used Restore Family Links, a service the Red Cross operates in cooperation with the Red Crescent to reunite families. On Wednesday, the site was down. The Internet Archive last updated it on December 27, raising the possibility of the breach occurring a few weeks ago.
 

plat1098

Well, I'll be the "bad guy" here but it seems the Red Cross needs to urgently review its security practices--esp. since there was another hack on it a year ago (from article).

1. How was the data stolen in the first place? Vet your contractors in advance!
2. If the Red Cross doesn't want the data leaked, it might have to pay for that. Nothing is really "free" or "sacred" any more.

I read most of the comments following the article--the various potential uses of that data by crooks are terrible.