Red Cross has been hit by a cyberattack that has exposed over 515,000 vulnerable people’s data, forcing the organisation to shut down systems and operations.
The attack compromised personal data and confidential information on more than 515,000 highly vulnerable people, including those separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention. The data originated from at least 60 Red Cross and Red Crescent National Societies around the world.
Jamie Moles, Senior Technical Manager at ExtraHop, commented: “Charity is big business nowadays. There is much concern from charity watchdogs about some larger organisations holding significant capital in investments and not spending it on the cause they are meant to be championing. A few prominent charities in the UK have been accused of spending less than 10% of their income on their stated mission – the rest going on salaries, premises and marketing. So, from an entrepreneurial criminals point of view, attacking these organisations would be no different to attacking any other large business. However, the Red Cross is reputed to spend 72% of its donations on charitable services.
“This could play out in a number of ways. The charity could – and should – plead its case to the extorters not to release the data. The attackers could be concerned about bad press surrounding attacking a charity and move onto other targets. Finally, charities aren’t well known for spending money on security. Perhaps this might force a review of priorities.”