[FoME] ICRC Cyber Attack is Our Constituent Data Management Nightmare

[Christoph Dietz]

By Wayan Vota, ICT Works, January 26, 2022

A sophisticated cyber security attack against International Committee of the Red Cross (ICRC) servers last week exposed sensitive personally identifiable information of 515,000 people in the Restoring Family Links program that seeks to reunite family members separated by conflict, migration, disaster, or detention.

The ICRC cyber attack is our collective constituent data management nightmare. Not unique, not isolated, and not unexpected. As Linda Raftree says, the ICRC has some of the best data policies, practices, and data protection staff in the international aid sector. In addition, they announced almost immediately that they had been hacked and the extent of the data breach. They put constituent harm reduction ahead of organizational reputation.

That transparency is rare in development. IntraHealth International was hacked in 2018, and staff were locked out of the IT systems for days. Yet Intraheath never said a word. This very site, ICTworks, was hacked in 2015 and 2021, but we kept quiet. Your organization was probably hacked recently too, yet where was its ICRC-level of transparency?

The harsh reality is that we should all be calcultaing our cyber threat model.

Full article at: https://www.ictworks.org/constituent-data-management-nightmare-2