18.02.2022

Have you used our Restoring Family Links services?

Photo: Suomen Punainen Risti

The data breach on the International Committtee of the Red Cross has been stopped.

The electronic database of the International Committee of the Red Cross (ICRC) has been the target of a cyber security attack. The data breach was noticed on 18 January, and it applies only to databases related to restoring family links.

Restoring Family Links is a Red Cross service for family members who have been separated from each other by war, natural disasters or migration. The Red Cross locates family members and helps relatives reunite through its international network.

Due to this data breach, a party outside the Red Cross has been able to access the committee’s servers and systems used for restoring family connections. The Finnish Red Cross also utilises these systems. If you are using or have used our service for restoring family links, it is possible that the data breach perpetrators have also been able to view or record your personal data.

How might this affect you?

We do not yet know by whom or why the data breach was carried out. The International Committee of the Red Cross is currently reviewing these questions together with the authorities.

The perpetrators used highly advanced methods to carry out the attack, and the breach affects the data of more than 515,000 people worldwide.

We do know that the perpetrators of the data breach have connected with the servers and systems that also stored your personal data. This information may include, for example, your name, contact information, the explanation of the events that led to the person’s disappearance, as well as information about the people you are looking for that is saved into the database.

At the moment, there are no signs that the data in the database have been published or misused. Based on our current knowledge, neither have the data been edited nor deleted. However, it is possible that the perpetrator of the data breach will attempt to abuse the data in the future.

The breach does not affect other aid activities of the Finnish Red Cross.

What is the Red Cross doing about this?

The International Committee of the Red Cross has stopped the data breach and shut down all external connections to its servers.  The Finnish Red Cross has reported the issue to the National Cyber Security Centre Finland and submitted a data breach notification to the Data Protection Ombudsman.

We will relaunch the work for restoring family links as soon as possible, when we are certain that the operations are secure.

What should you take into consideration?

At the moment, the situation does not require any actions on your part.

However, it is possible that the data breach perpetrator will attempt to abuse the data they have obtained. Due to this, you should remain cautious about any text messages, e-mails, phone calls or other messages that you deem suspicious.

  • Do not answer any suspicious messages and do not open any attachments or hyperlinks that they may contain.
  • Contact the police if you believe you have been the target of a scamming or blackmailing attempt.
  • Please note that the Red Cross Restoring Family Links services are always free of charge. You will never be asked to pay for the service.

Do you have any questions?

It is normal to experience feelings such as concern and uncertainty in this kind of a situation. We consider the confidentiality of your personal data and safeguarding your data to be highly important. 

  • If you have any questions about the data breach, please contact our services for restoring family connections by e-mail tracing@redcross.fi or by calling +358 (0)40 721 5577 (mobile call fee). We answer inquiries Monday to Friday 9.00–11.00 am and 12 noon–3.00 pm. Text messages cannot be sent to the number. 
  • You can find information on the data breach in Arabic, Dari, Spanish, Farsi, French and Somali further down this page.
  • You can also find up to date information about the situation on the International Committee of the Red Cross’s website.

 

ARABIC For those affected ICRC data breach.pdf

DARI For those affected ICRC data breach.pdf

SPANISH For those affected ICRC data breach.pdf

FARSI For those affected ICRC data breach.pdf

FRENCH For those affected ICRC data breach.pdf

SOMALI For those affected ICRC data breach.pdf