On 18 January 2022, the International Committee of the Red Cross (ICRC) became aware of a cyber-attack on its servers where a sophisticated unknown cyber actor (someone outside of Red Cross) gained access to the Restoring Family Links (RFL) database.
On 20 January 2022, Australian Red Cross was notified of the incident.
We will continue to provide updates on this page as information is available.
If you require additional support, or need an interpreter, please contact our dedicated 24/7 hotline on 1800 860 442. For international callers, please contact +61 2 8077 2507.
The ICRC has determined that servers hosting the personal information of more than 500,000 people receiving services from the Red Cross and Red Crescent Movement were compromised in a sophisticated cyber security attack. Australian Red Cross uses this database for our RFL and detention monitoring programs. We do not yet know whether information entered by Australian Red Cross into the database is specifically impacted. Red Cross and Red Crescent teams globally use the database, however the information stored in the database comes from any case we have worked on, from any country.
Information that you have provided to Australian Red Cross may have been put into the database. This is a standard internal process to ensure that information is kept in one place, and we can communicate with our partners in other countries when trying to find a missing loved one.
This information may include your name, your contact details, information about the circumstance of your missing loved one, and the names and contact details of any relatives you have told us about, or information about the circumstances of your detention and the concerns you raised with us. It includes all documents provided to us in the course of managing your case, which may include identity documents, intake forms, Attestation of Detention certificates from ICRC, Red Cross Messages exchanged between family members, and photos.
We confirm that there is currently no indication that your personal information has been deleted or tampered with. Further, we have not identified any evidence of any misuse or public disclosure of this data. This remains under close review, and we will let you know if this position changes.
As soon as the ICRC became aware of the incident, it took the compromised servers offline. This means that we are not currently able to access any case information or work on any cases.
The ICRC is now in the process of identifying short-term solutions to enable Red Cross and Red Crescent teams worldwide to continue providing humanitarian services for the people impacted by this incident.
Separately, Australian Red Cross is undertaking an independent review of local systems and services to ensure that they remain secure.
Together, we are working to support potentially affected clients and to further strengthen systems to prevent a similar incident from reoccurring.
Restoring Family Links (RFL) is a global service delivered in countries around the world. Red Cross and Red Crescent societies, including Australian Red Cross, use an online system to store information about RFL cases. We do this so information is securely stored in one place, and we can communicate with our Red Cross partners in other countries when trying to find a missing loved one.
We also use this system when supporting people in immigration detention.
ICRC servers hosting the RFL database and related systems were compromised. The hackers were inside the system and had the ability to copy and export information. We do not yet know whether information entered by Australian Red Cross into the RFL database is specifically impacted. Information that may have been impacted includes correspondence and records about your case, including contact details of your loved ones if this was relevant to your case. To our knowledge the information has not been published or traded at this time, and we are closely monitoring this.
Where a third party may have access to your contact information, it is important to:
For further guidance about protecting your identity, you may wish to visit the Australian Cyber Security Centre’s guidance page.
We are still going through the careful process of understanding the full scope of the incident and the way that our clients are affected. We are committed to providing you with a further update as relevant information comes to light, including providing updated advice on precautionary steps you can take.
If you suffer distress, we recommend that you seek health advice from a registered health professional you know and trust.
Additional support is available for you and your loved ones, to help you address any questions or concerns about this notice and the incident. These include:
Australian Red Cross
You can call our hotline using the phone numbers listed above.
Please also check this webpage for updates over the coming days.
If you are concerned about the potential misuse of your personal information, we have arranged free support from IDCARE, Australia’s national identity and cybersecurity community support service.
Please engage an IDCARE Case Manager via IDCARE’s Get Help Web Form if you have broader identity security concerns.
Alternatively, you may visit IDCARE’s Learning Centre for further information and resources on protecting your personal information. IDCARE’s services may be accessed by providing referral code RCA-ID22 when completing its Get Help Web Form or calling 1800 595 160.
Your health care practitioner
If you suffer distress, we recommend that you seek advice from a registered health professional you know and trust. When you see your general health practitioner, they’ll assess what help you need.
Please refer to our email for more information on how these organisations can support you and your loved ones.