The International Committee of the Red Cross, which is best known for helping war victims, says hackers broke into servers hosting its data and gained access to personal, confidential information on more than a half million vulnerable people.
The Geneva-based agency said Wednesday the breach by unknown intruders this week affected data about some 515,000 people "including those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention." It said the information originated in at least 60 Red Cross and Red Crescent chapters around the world.
"An attack on the data of people who are missing makes the anguish and suffering for families even more difficult to endure," Robert Mardini, the ICRC's director-general, said in a statement. "We are all appalled and perplexed that this humanitarian information would be targeted and compromised."
ICRC said the breach targeted an external contractor in Switzerland that stores data for the humanitarian organization, and there was no indication the information had been publicly shared or leaked.
Agency spokesperson Crystal Wells said that while the ICRC cannot say for certain that the records were stolen "we feel it is likely. We know that they have been inside our system and have had access to our data."
Wells said the ICRC did not want to speculate about who might be behind the intrusion.
ID theft believed behind attack
Addressing the person or people behind the intrusion, Mardini issued an appeal: "The real people, the real families behind the information you now have are among the world's least powerful. Please do the right thing. Do not share, sell, leak or otherwise use this data."
That suggests the ICRC suspects the culprits are criminals seeking to profit off the data — for purposes of ID theft, for instance.
The ICRCxjmtzyw said the breach forced it to shut down systems around its "Restoring Family Links" program, which aims to reunite family members separated by conflict, disaster or migration.
Ewan Watson, an ICRC spokesperson, said the organization had never before experienced a hack of similar scale.