Australian Red Cross is contacting clients and reviewing its local systems and services in the wake of a “major” cyber attack on a large database hosted by the International Committee of the Red Cross (ICRC).
The database held case file details on more than 500,000 people worldwide who had sought services for loved ones missing or uncontactable overseas due to disaster or conflict, or that were being held in immigration detention.
Red Cross and Red Crescent national societies worldwide group these services under the name ‘restoring family links’ or RFL.
Australian Red Cross said in a statement at the end of last week that a range of personal details and supplied documentation “may have been put into the database”.
“This is a standard internal process to ensure that information is kept in one place, and we can communicate with our partners in other countries when trying to find a missing loved one,” Australian Red Cross said in an advisory.
“This information may include your name, your contact details, information about the circumstance of your missing loved one, and the names and contact details of any relatives you have told us about, or information about the circumstances of your detention and the concerns you raised with us.
“It includes all documents provided to us in the course of managing your case, which may include identity documents, intake forms, Attestation of Detention certificates from ICRC, Red Cross Messages exchanged between family members, and photos.”
Australian Red Cross said it had “no indication” the information had been “deleted or tampered with”, misused or leaked.
However, it noted that “hackers were inside the system and had the ability to copy and export information.”
One of the difficulties faced by Australian Red Cross in trying to establish the extent of local exposure to the incident is that its access to the database is now cut off.
That is also affecting its ability to provide humanitarian services.
“We are not currently able to access any case information or work on any cases,” the local arm said.
“The ICRC is now in the process of identifying short-term solutions to enable Red Cross and Red Crescent teams worldwide to continue providing humanitarian services for the people impacted by this incident.”
Australian Red Cross said it is also undertaking “an independent review of local systems and services to ensure that they remain secure”.
The attack targeted a data storage provider contracted by the ICRC that held data from “at least 60 Red Cross and Red Crescent National Societies around the world,” the ICRC said in a statement last week.
ICRC's director-general Robert Mardini urged the attackers not to leak the data.
“Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering,” Mardini said.
“The real people, the real families behind the information you now have are among the world's least powerful.
“Please do the right thing. Do not share, sell, leak or otherwise use this data."