Almennar fréttir

Notification of data breach

04. febrúar 2022

The Icelandic Red Cross learned on the evening of Wednesday, January 19th 2022, that the digital system(s) that the International Red Cross and Red Crescent Movement uses to store the data of its beneficiaries have been exposed to a Cyber Security Incident and Personal Data Breach.

The Icelandic Red Cross learned on the evening of Wednesday, January 19th 2022, that the digital system(s) that the International Red Cross and Red Crescent Movement uses to store the data of its beneficiaries have been exposed to a Cyber Security Incident and Personal Data Breach.

The breach is still being investigated by the International Committee of the Red Cross (ICRC), our Red Cross/Red Crescent Movement partner that stored the data on our behalf. The ICRC has no immediate indications as to who carried out this breach, which targeted an external company in Switzerland with whom the ICRC contracts to store data. At this stage, it appears the goal was to infiltrate the ICRC infrastructure for unauthorized ad hoc monitoring and extraction of data.

There is not yet any indication that the compromised data has been lost or tampered with. Moreover, we have not seen any misuse or public use of this data. ICRC teams are fully mobilized to closely monitor this eventuality.

The security incident compromised personal data and confidential information collected by the Red Cross/Red Crescent Movement on more than 515,000 highly vulnerable people globally, including those separated from their families due to the conflict, migration and disaster, missing persons and their families, and people in detention. The data originated from at least 60 Red Cross and Red Crescent National Societies around the world. 

Currently, the ICRC has suspended all access to the compromised systems to reduce the immediate impact of this breach. It is now in the process of identifying short-term solutions to enable the Red Cross and Red Crescent teams worldwide to continue providing humanitarian services for the people impacted by this breach.

The Icelandic Red Cross takes data protection extremely seriously. It will continue in its efforts to take all the necessary measures to protect your data and reduce the potential risks to the greatest extent possible.

We will update you if we obtain any further information about this breach and remain available should you have any questions. If any further questions arise, please send us an email at tracing@redcross.is and we will do our best to answer. You can also visit the ICRC's website to learn more about the attack. Please accept our deepest apologies for any difficulties this unauthorized activity has caused.

Sincerely,

The Asylum team at The Icelandic Red Cross