ICRC Headquarters, Geneva

Sophisticated cyber-attack targets Red Cross Red Crescent data on 500,000 people

A sophisticated cyber security attack against computer servers hosting information held by the International Committee of the Red Cross (ICRC) was detected this week.
News release 19 January 2022 Switzerland

The attack compromised personal data and confidential information on more than 515,000 highly vulnerable people, including those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention. The data originated from at least 60 Red Cross and Red Crescent National Societies around the world.

The ICRC's most pressing concern following this attack is the potential risks that come with this breach -- including confidential information being shared publicly -- for people that the Red Cross and Red Crescent network seeks to protect and assist, as well as their families. When people go missing, the anguish and uncertainty for their families and friends is intense.

"An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure. We are all appalled and perplexed that this humanitarian information would be targeted and compromised," said Robert Mardini, ICRC's director-general. "This cyber-attack puts vulnerable people, those already in need of humanitarian services, at further risk."

The ICRC has no immediate indications as to who carried out this cyber-attack.* There is not yet any indication that the compromised information has been leaked or shared publicly.

"While we don't know who is responsible for this attack, or why they carried it out, we do have this appeal to make to them," said Mr Mardini. 

"Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering. The real people, the real families behind the information you now have are among the world's least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data."

The ICRC along with the wider Red Cross and Red Crescent network jointly runs a program called Restoring Family Links that seeks to reunite family members separated by conflict, disaster or migration. Because of the attack, we have been obliged to shut down the systems underpinning our Restoring Family Links work, affecting the Red Cross and Red Crescent Movement's ability to reunite separated family members. We are working as quickly as possible to identify workarounds to continue this vital work.

"Every day, the Red Cross Red Crescent Movement helps reunite on average 12 missing people with their families. That's a dozen joyful family reunifications every day. Cyber-attacks like this jeopardise that essential work," Mr Mardini said. "We are taking this breach extremely seriously.

We are working closely with our humanitarian partners worldwide to understand the scope of the attack and take the appropriate measures to safeguard our data in the future."

*The original news release published on 19 January 2022 said that the attack targeted an external company in Switzerland that the ICRC contracts to store data. This was a targeted attack on ICRC servers, not the company that hosted them.


For more information, please contact:
Crystal Wells, ICRC Geneva, at cwells@icrc.org,
or +41 79 642 80 56

Ewan Watson, ICRC Geneva, ewatson@icrc.org,
or +41 79 244 64 70

Elizabeth Shaw, ICRC Washington, D.C., at egormanshaw@icrc.org,
or +1 202 361 1566