Important messages for those affected by the data breach
WHAT IS THE SITUATION?
On January 18, a breach was discovered in one of the International Committee of the Red Cross (ICRC) data center service providers. This means that someone outside the Red Cross has accessed the Restoring Family Links (RFL) system and may have accessed your information. We did not lose any data in the cybersecurity incident. For more information on the cybersecurity incident and the data breach, you can consult this Questions & Answers document on the ICRC website.
WHAT DOES THIS MEAN TO YOU?
We are still assessing the impact of the data breach and how it might have affected different contexts and people. We aim to have more concrete information over the next few days.
We want to assure you that we are with you in this very difficult situation. The Red Cross and Red Crescent Movement takes data security and privacy very seriously, in particular the safety of the people we assist and the protection of their information. We have invested heavily in cybersecurity and work with trusted partners to maintain high standards of data and system protection, including monitoring for suspicious activity. We are doing everything in our power to remedy this and prevent it from happening again.
WHAT ARE WE DOING WITH THE SITUATION?
To prevent further breaches, we have since closed all access to the system. This means that we are currently unable to access case information or work on cases until the system is restored.
Although we do not yet know the extent and impact of this cybersecurity incident, we are working to investigate the breach and assess its risk and impact.
We will post information as soon as we have an update.
WHAT TO DO ? POTENTIAL MITIGATION MEASURES
Beware of phishing attacks, which involves sending fraudulent communications that appear to come from a trusted source.
If you receive a suspicious email or text message claiming to be from the Red Cross or asking for your personal information, immediately delete the message and do not forward or share it.
Do not respond to these messages or provide any personal information to unsolicited emails you may receive. If in doubt, please contact your local National Red Cross or Red Crescent Society or the International Committee of the Red Cross office in your own country via the available emergency contact details before taking action on any message.
OUR MESSAGE TO YOU
We know that you have entrusted us with personal information and details about often traumatic events in your life. It’s not a responsibility we take lightly. We want you to know that we are doing everything we can to restore the services we are so proud to provide around the world. We will work to earn your trust so that we can continue to serve you.