Red Cross Becomes Victim to ‘Sophisticated Cyber Attack’

January 31, 2022 • Shannon Flynn


The International Committee of the Red Cross (ICRC) announced on January 19 that it had suffered a massive cyberattack. According to the news release, the Red Cross hack compromised the personal information of more than 515,000 people across 60 locations.

Because of the attack, the ICRC has had to shut down its Restore Family Links site. As a result, it may have a hard time reuniting separated families until it gets to the bottom of the issue. So how did this attack happen, and what can we learn from it?

How the Red Cross Hack Happened

The Red Cross hack didn’t directly target Red Cross centers themselves. Instead, attackers targeted a third-party service in Switzerland that the organization pays to store data. Since they attacked a centralized data storage center, they could steal data from dozens of Red Cross locations in one hack.

A spokesperson told NPR there have been no demands in return for the stolen data, so it likely wasn’t a ransomware attack. The ICRC has also said that there are no signs of attackers leaking the data. Robert Mardini, the ICRC’s director-general, pleaded that the attackers not leak or share it, emphasizing that the victims are “among the world’s least powerful [people].”

While the ICRC discovered the breach on January 18, the attack happened nearly two months earlier. After early investigations, the Red Cross found that the first breach happened on November 21, 2021. Attackers could've slowly accessed more and more data until the Red Cross discovered the intrusion.

Red Cross’s History With Cyber Attacks

While this incident is unusually large, this isn’t the first Red Cross hack in history. The Singapore Red Cross suffered a data breach in 2019. In that incident, attackers broke through a weak administrator password to steal the personal information of more than 4,000 blood donors. Later, the branch had to pay a hefty fine for failing to provide sufficient cybersecurity.

Similarly, a hacker stole the data of half a million blood donors in Australia in 2016. A website developer hired by the Red Cross had left the data unsecured on a development website, where someone was able to take it. At least one person was able to find the data and give it back to victims, but it’s unclear if anyone else with more malicious intentions did, too.

Why Do Cybercriminals Target Nonprofits?

Attacks against nonprofits seem particularly cruel, but it’s easy to understand why they happen. Organizations like the Red Cross hold lots of valuable data, which means there’s lots of money to be made.

Laws like the No Surprises Act require people to share some information for medical payments, which organizations like the Red Cross help with. As a result, these bodies end up holding data like financial information, people’s full names and addresses and more. Attackers can use data like that to hack into other accounts or sell it to other threat actors for a high price.

People are also generally willing to pay to get sensitive data back. That’s why sectors like education, government and healthcare are the most popular targets for ransomware attacks. As long as criminals can make money off these organizations, they’ll keep targeting them.

The Red Cross hack also highlights how many nonprofits lack sufficient cybersecurity. They’re not security experts, and they rely on various third parties that may not be secure, either. This combination of sensitive data and low security makes them a tempting target for cybercriminals. Following basic cybersecurity practices could prevent a lot of the cyber attacks nonprofits experience.

The Red Cross Hack Is a Jarring Reminder

The full extent of the Red Cross hack is still uncertain. The attackers may not do anything with the data, or they could expose it and endanger hundreds of thousands of already vulnerable people. Regardless of the outcome, it serves as a harsh reminder of the need for better cybersecurity, especially for nonprofits.