Cyber security incident and data breach affecting data hosted by ICRC servers
Publié le 28 janvier 2022
What is the situation?
On 18 January, a breach was discovered at one of the International Committee of Red Cross’ (ICRC) data centre service providers. This means that someone outside of Red Cross accessed the Restoring Family Links (RFL) system and may have accessed your information. We did not lose any data in the cyber-security incident. For more information on the cyber-security incident and data breach, you can consult this Questions & Answers document on the ICRC website .
What does this mean for you?
We are still assessing the impact of the data breach and how this might have affected different contexts and people. We are aiming at having more concrete information over the coming days.
We want to reassure you that we stand by you in this very difficult situation. The Red Cross and Red Crescent Movement takes data security and privacy very seriously, especially the safety of the people we assist, and the protection of their information. We have invested substantially in cyber security and work with trusted partners to maintain high standards of data protection and system, including the monitoring of suspicious activity. We are doing everything in our power to fix this and prevent it from happening again.
What are we doing about the situation?
To prevent further breaches, we have since closed all access to the system. This means that we’re not currently able to access any case information or work on any cases until the system is restored.
While we don´t yet know the scope and the impact of this cyber-security incident, we are working to investigate the breach and assess its risks and impact.
We will post information as soon as we have an update.
What to do ? Potential mitigation measures
Beware of any phishing attacks, which is the practice of sending fraudulent communications that appear to come from a reputable source.
If you receive a suspicious email or text message claiming to be from Red Cross or asking for your personal information, immediately delete the message and do not forward or otherwise share it.
Do not respond to these messages or provide any personal details to unsolicited email that you may receive. Whenever in doubt, please contact your local Red Cross or Red Crescent national society or the International Committee of the Red Cross office in your own country through available emergency contact information before taking action on any messages.
Our message to you
We know you entrusted us with personal information and details about often traumatic events in your lives. This is not a responsibility we take lightly. We want you to know we are doing everything we can to restore the services that we are so proud to offer across the world. We will work to earn your trust so we can continue to serve you.
Read the statement in french