What happened in the Red Cross data breach?

Twingate Team

May 24, 2024

In January 2022, the International Committee of the Red Cross (ICRC) fell victim to a sophisticated cyberattack, resulting in the compromise of personal data and confidential information of a large number of vulnerable individuals. The attack impacted the ICRC system used by the American Red Cross for the Restoring Family Links program, which aims to reunite family members separated by conflict, disaster, or migration. The breach involved advanced hacking tools and obfuscation techniques, exploiting an unpatched critical vulnerability in an authentication module.

How many accounts were compromised?

The breach impacted data related to approximately 500,000 individuals.

What data was leaked?

The data exposed in the breach included health records, personal identification documents, contact information, family relationships, and details of the individuals' circumstances related to their separation and search for family members.

How was the Red Cross hacked?

The ICRC data breach occurred due to an unpatched critical vulnerability (CVE-2021-40539) in an authentication module. Cybercriminals exploited this vulnerability, deploying advanced hacking tools and obfuscation techniques to gain access to the servers hosting personal data. Once inside the network, they compromised administrator credentials, conducted lateral movement, and exfiltrated sensitive information, affecting over 515,000 individuals worldwide. The sophistication of the attack suggests it may have been state-sponsored.

Red Cross's solution

In response to the hack, the International Committee of the Red Cross (ICRC) took several measures to enhance security and prevent future incidents. The compromised servers were taken offline as soon as the breach was detected, and the systems were relaunched with security enhancements, including a new two-factor authentication process and an advanced threat detection solution. The applications and systems went back online only after successful, externally conducted penetration tests. The ICRC also hired a specialist cybersecurity company to help protect its systems, and it continues to work with cybersecurity experts to monitor those systems and make relevant security enhancements.

How do I know if I was affected?

The ICRC has notified individuals believed to be affected by the breach. If you are concerned about your data and have not received a notification, you may visit Have I Been Pwned to check if your credentials were compromised in this or any other data breach.

What should affected users do?

In general, affected users should:

  1. Change Your Passwords: Immediately update your passwords for any accounts that may have been compromised. Make sure the new passwords are strong and unique, not previously used on any other platform.

  2. Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  3. Enable Two-Factor Authentication (2FA): Activate 2FA on any affected accounts. Consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

  4. Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report any unauthorized access or transactions to the appropriate authorities and service providers.

For more specific help and instructions related to the Red Cross data breach, please contact Red Cross Customer Service directly.

Where can I go to learn more?

If you want to find more information on the Red Cross data breach, check out the following news articles:
