1. Home
  2. Global

Comment: Red Cross data hack

‘It’s in many ways the worst-case scenario we’ve been warning about for years.’

The fallout is just beginning after what data privacy researchers say could be the biggest-ever breach of humanitarian data.

The New Humanitarian spoke to Zara Rahman, acting executive director of The Engine Room, a tech and data non-profit, to find out why this huge hack at the International Committee of the Red Cross (ICRC) on 19 January shouldn’t come as a surprise, and what the aid sector needs to do to protect itself — and vulnerable people.

For Rahman, “it’s in many ways the worst-case scenario we’ve been warning about for years now”, but what should perhaps concern us more, she warns, is that it happened at the ICRC, a place considered to have one of the best digital protection practices in the sector.

Watch this short video for her full comment on the hack.

The ICRC said the cyber-attack compromised the data of more than 515,000 of the world’s most vulnerable – including people uprooted by conflict and disasters. The exposed data reportedly includes names, locations, and contact information collected by at least 60 Red Cross and Red Crescent societies around the globe.

The ICRC said it wasn’t clear if the data was shared (though a user on one hackers’ forum claimed to be ransoming it). While the ICRC is urging hackers not to release the data, some analysts also said the group itself should be held accountable: “Humanitarian [organisations] should not get a free pass. They are responsible to safeguard the data they collect,” tweeted Stefan Soesanto, a cybersecurity researcher.

Will this high-profile hack spark long-demanded improvements to information security across the aid sector?

Experts have long urged aid groups to prioritise the issue, but the list of poor practices grows ever longer: unreported breaches, insecure systems, security lapses, ransomware attacks, poor data-handling, questionable partnerships, or simply collecting too much data in the first place.

For a sobering deep dive on these examples and more, check out our ongoing collection of reporting on humanitarian technology.

Share this article

Right now, we’re working with contributors on the ground in Ukraine and in neighbouring countries to tell the stories of people enduring and responding to a rapidly evolving humanitarian crisis.

We’re documenting the threats to humanitarian response in the country and providing a platform for those bearing the brunt of the invasion. Our goal is to bring you the truth at a time when disinformation is rampant. 

But while much of the world’s focus may be on Ukraine, we are continuing our reporting on myriad other humanitarian disasters – from Haiti to the Sahel to Afghanistan to Myanmar. We’ve been covering humanitarian crises for more than 25 years, and our journalism has always been free, accessible for all, and – most importantly – balanced. 

You can support our journalism from just $5 a month, and every contribution will go towards our mission. 

Support The New Humanitarian today.

Become a member of The New Humanitarian

Support our journalism and become more involved in our community. Help us deliver informative, accessible, independent journalism that you can trust and provides accountability to the millions of people affected by crises worldwide.