Cyberattack on the Italian Red Cross on January 18
On January 18 this year, the Italian Red Cross’s data systems were subjected to a cyberattack, resulting in the theft of personal data and information belonging to over 16,500 individuals. The affected individuals come from various countries and have opened tracing or family reunification cases.
The data stolen in the attack is part of the International Red Cross and Red Crescent Movement’s Restoring Family Links program (RFL), which spans countries where people have lost contact due to war, conflict, migration, and natural disasters. Portions of the stolen personal data have been published on the internet. This includes names, locations, family details, and other personal information of people who have sought help from the Red Cross and Red Crescent network.
The Italian Red Cross has now secured all data. The perpetrators of the cyberattack have not yet been identified, and no one has claimed responsibility for the attack. As soon as the attack was discovered, the Italian Red Cross reported the incident to the police and is now cooperating with them to identify the causes and those responsible for this act.
Our Response and Future Actions
On June 28, the Swedish Red Cross was informed that personal data linked to Swedish cases was among the stolen data. This involves around fifty individuals whose information was shared with the Italian Red Cross. On Monday, July 1, we submitted a report to the Swedish Authority for Privacy Protection (IMY).
We are working to inform all individuals and their families whose data may have been compromised about the measures being taken to protect their information and the risks they may potentially face. The Swedish Red Cross contacted all affected individuals in Sweden on the 9th of July 2024.
We deeply regret the incident and condemn this illegal breach of humanitarian data. The Red Cross is always diligent in protecting the information we handle by investing in information security and working with reliable partners who ensure high standards of protection for our systems, including continuous monitoring of suspicious activity. It was thanks to a report from one of these partners that the Italian Red Cross discovered the incident.
Despite the incident, our work continues to trace individuals reported missing. Every day, 12 people are reunited with their families thanks to the efforts of the Red Cross and Red Crescent. The cyberattack impacts our efforts to trace and reunite families separated by war and conflict. Humanitarian organizations like the Red Cross and Red Crescent have a responsibility to protect information about missing persons. This attack has severely violated this protected space. We urge those with unauthorized access to the information not to share, sell, or leak it further.
For years, we at the Red Cross, Red Crescent, and ICRC have warned about the increase in cyberattacks on healthcare and have raised our growing concerns about data protection in humanitarian situations. Now we are once again a target of an attack.
Data systems in Sweden at the Swedish Red Cross are not affected. Individuals in Sweden who have been in contact with us and have consented to the registration of personal data in cases concerning asylum, tracing, family reunification, travel assistance, or attestations of detention are welcome to contact the organization for further information at the following email address: data@redcross.se. You can also contact us on our migration hotline on Wednesdays 09.00-12.00 on 020-415 000.
What happened?
- In January 2024, the Italian Red Cross system was hacked, and we were informed on the 17th of June 2024, that the personal data of thousands of people was leaked and some of it was published. This included names, locations, and contact information.
- On June 28, the Swedish Red Cross was informed that personal data linked to Swedish cases was among the stolen data. This involves around fifty individuals whose information was shared with the Italian Red Cross. On Monday, July 1, we submitted a report to the Swedish Authority for Privacy Protection (IMY).
- As part of its Restoring Family Links programme, the Italian Red Cross (IRC) shares information with all its Red Cross and Red Crescent partners worldwide and with the International Committee of the Red Cross (ICRC) when they can contribute to preserving family unity. This means that the potential damage of this cybersecurity incident affects thousands of people around the world.
- We want to stress that not everyone who has engaged with these services and has shared information with us was affected.
What information was involved?
The cyberattack includes personal information such as names, locations, and contact details of more than 16,500 individuals. Among those affected are missing persons and their families, unaccompanied or separated children, prisoners, and other individuals who receive services from the Red Cross and Red Crescent as a result of armed conflict, natural disasters, or migration.
How many people in Sweden are affected by the breach?
Data from Sweden involves an estimated fifty registered individuals.
Was my personal information affected?
- We understand that it might sound worrying to hear this news and might raise questions on whether you could be one of the people impacted.
- Hackers and other unauthorized individuals have illegally accessed personal data that you or your loved ones have shared with the Italian Red Cross or other Red Cross and Red Crescent partners to ask for our humanitarian services and publish some of the online.
- You might have provided this information to us when registering for our programs, receiving aid during a natural disaster or armed conflict, requesting our services to find lost relatives, or for other needs.
- We are doing everything we can to get in touch directly with those people whose personal data has been affected.
- We encourage you to reach out to your local Red Cross or Red Crescent society or the International Committee of the Red Cross (ICRC) office in your country if you have any questions.
What does this mean for me and the help you can provide?
- We are still here to support you. Our humanitarian services, including the Restoring Family Link Services, continue to function and are not affected by this cybersecurity incident.
- No personal data you may have shared with the Red Cross or Red Crescent Movement has been deleted or lost. This means that we continue supporting you in times of crisis, we will keep searching for your loved ones, among all the different activities we develop.
What are you doing about the situation?
- The Italian Red Cross has worked to further secure their systems. Access to the published data and information was shut down. The public links where the leaked data was published are now blocked. Authorities in Italy are actively monitoring the Internet to identify and take down further potential publication of data. See more information from the Italian Red Cross.
- As per the Italian Red Cross security protocols, investigations are ongoing to know more details about the impact of this cybersecurity incident.
- The Italian Red Cross and the entire Red Cross and Red Crescent Movement are doing everything possible to inform all the people affected by this breach.
- The Italian Red Cross has implemented the necessary technical measures to prevent any future security violations of its systems.
- We want to reassure you that we stand by you in this very difficult situation. The Red Cross and Red Crescent Movement takes your security very seriously, especially the safety of the people we assist, and the protection of their information. We have invested substantially in cybersecurity and work with trusted partners to maintain high standards of data protection and system, including the monitoring of suspicious activities. We are doing everything in our power to fix this and prevent it from happening again.
Should I be concerned?
- We understand that this might make you feel concerned about your safety. We do not know the motives behind this incident, so it is difficult to be able to estimate the potential harm this could cause, including to you and your loved ones.
- The data has been made public for different periods of time. We don’t know who might have accessed it. We are doing everything we can to get in touch directly with those people whose personal data has been affected.
What can I do if I think my personal information was leaked?
- In Sweden, about fifty people are affected. The affected individuals should have been contacted by the Swedish Red Cross by July 9, 2024. If you are still concerned, you can contact us at data@redcross.se. You can also contact us on our migration hotline on Wednesdays 09.00-12.00 on 020-415 000.
- The best thing to do right now is to get in contact with us and we will do our best to answer to any questions you might have.
- In addition to that, there are some simple steps you can take to better protect yourself and your loved ones from some of the consequences of a potential breach of your data.
- It’s important to inform your trusted loved ones of what happened. Malicious people can impersonate them. Ask your loved ones to be on the lookout for any unusual phone calls, messages or emails from ill-intentioned people.
- Be suspicious about phone calls, messages or emails that sound urgent or threatening and try to make you act in certain ways. Malicious people often try to use fear and urgency to force you to take specific or unsafe actions (such as giving away more personal information, making a payment or clicking on unknown links).
- The Red Cross and Red Crescent Movement will never contact you to ask for an urgent payment or for additional sensitive information on unsecured channels. If you get such a request, please ignore it, and contact your local Red Cross or Red Crescent Society or the ICRC office in your country immediately to let them know.
- Try to pay extra attention to the details of the email addresses or phone numbers contacting you. Whenever possible, verify this information in official websites. The contact information of your local Red Cross or Red Crescent Society or the ICRC office in your country are available publicly and can be verified.
- If you receive any communications that seem concerning to you, we suggest you delete these immediately. Do not click on any of the links, open attachments, nor share these with other people. If it claims to be from the Red Cross or Red Crescent, please inform your local Red Cross or Red Crescent Society or ICRC office in your country immediately.
Can you delete my personal data from your systems?
- You can request the deletion of your personal data, but please note that in some instances we might not be able to delete your data.
- The deletion of your data could take some time as we will need to contact partners with whom your data was shared with your consent (e.g. another NS/ICRC delegation) and request that the partner also erases the data and any copies thereof.
Should I change my contact information?
- For now, we don’t believe you need to change your contact details, like your mobile number or email address. But we do encourage you to stay alert for any suspicious communications you might receive from people impersonating the Red Cross or Red Crescent.
- As always, if you are in doubt or concerned about anything, please contact your local Red Cross or Red Crescent Society or the ICRC office in your own country. We are here to listen to you and to help alleviate your concerns.
Our message to you
We are sorry for what happened. We know you entrusted us with personal information and details about often traumatic events in your life. This is not a responsibility we take lightly. We will work to earn your trust so we can continue to serve you.