Become part of the world’s biggest dialogue experiment.

Find out how you can get involved
  1. Home
  2. Global

Comment: Red Cross data hack

‘It’s in many ways the worst-case scenario we’ve been warning about for years.’

The fallout is just beginning after what data privacy researchers say could be the biggest-ever breach of humanitarian data.

The New Humanitarian spoke to Zara Rahman, acting executive director of The Engine Room, a tech and data non-profit, to find out why this huge hack at the International Committee of the Red Cross (ICRC) on 19 January shouldn’t come as a surprise, and what the aid sector needs to do to protect itself — and vulnerable people.

For Rahman, “it’s in many ways the worst-case scenario we’ve been warning about for years now”, but what should perhaps concern us more, she warns, is that it happened at the ICRC, a place considered to have one of the best digital protection practices in the sector.

Watch this short video for her full comment on the hack.

The ICRC said the cyber-attack compromised the data of more than 515,000 of the world’s most vulnerable – including people uprooted by conflict and disasters. The exposed data reportedly includes names, locations, and contact information collected by at least 60 Red Cross and Red Crescent societies around the globe.

The ICRC said it wasn’t clear if the data was shared (though a user on one hackers’ forum claimed to be ransoming it). While the ICRC is urging hackers not to release the data, some analysts also said the group itself should be held accountable: “Humanitarian [organisations] should not get a free pass. They are responsible to safeguard the data they collect,” tweeted Stefan Soesanto, a cybersecurity researcher.

Will this high-profile hack spark long-demanded improvements to information security across the aid sector?

Experts have long urged aid groups to prioritise the issue, but the list of poor practices grows ever longer: unreported breaches, insecure systems, security lapses, ransomware attacks, poor data-handling, questionable partnerships, or simply collecting too much data in the first place.

For a sobering deep dive on these examples and more, check out our ongoing collection of reporting on humanitarian technology.

Share this article

Hundreds of thousands of readers trust The New Humanitarian each month for quality journalism that contributes to more effective, accountable, and inclusive ways to improve the lives of people affected by crises.

Our award-winning stories inform policymakers and humanitarians, demand accountability and transparency from those meant to help people in need, and provide a platform for conversation and discussion with and among affected and marginalised people.

We’re able to continue doing this thanks to the support of our donors and readers like you who believe in the power of independent journalism. These contributions help keep our journalism free and accessible to all.

Show your support as we build the future of news media by becoming a member of The New Humanitarian. 

Become a member of The New Humanitarian

Support our journalism and become more involved in our community. Help us deliver informative, accessible, independent journalism that you can trust and provides accountability to the millions of people affected by crises worldwide.