ICRC cyber security incident

On 18 January 2022, the International Committee of the Red Cross (ICRC) became aware of a cyber-attack on its servers where a sophisticated unknown cyber actor (someone outside of Red Cross) gained access to the Restoring Family Links (RFL) database.

On 20 January 2022, Australian Red Cross was notified of the incident.

We will continue to provide updates on this page as information is available.

If you require additional support, or need an interpreter, please contact our dedicated 24/7 hotline on 1800 860 442. For international callers, please contact +61 2 8077 2507.


Also available in the following languages

Arabic | Amharic | Bosnian | Croatian | Dari | FarsiFrench | Kurdish Kurmanji | OromoSerbian | Somali | Swahili | TamilTigrinyanVietnamese 


About the ICRC cyber security incident

The ICRC has determined that servers hosting the personal information of more than 500,000 people receiving services from the Red Cross and Red Crescent Movement were compromised in a sophisticated cyber security attack. Australian Red Cross uses this database for our RFL and detention monitoring programs. We do not yet know whether information entered by Australian Red Cross into the database is specifically impacted. Red Cross and Red Crescent teams globally use the database, however the information stored in the database comes from any case we have worked on, from any country.

Information that you have provided to Australian Red Cross may have been put into the database. This is a standard internal process to ensure that information is kept in one place, and we can communicate with our partners in other countries when trying to find a missing loved one.

This information may include your name, your contact details, information about the circumstance of your missing loved one, and the names and contact details of any relatives you have told us about, or information about the circumstances of your detention and the concerns you raised with us. It includes all documents provided to us in the course of managing your case, which may include identity documents, intake forms, Attestation of Detention certificates from ICRC, Red Cross Messages exchanged between family members, and photos.

We confirm that there is currently no indication that your personal information has been deleted or tampered with. Further, we have not identified any evidence of any misuse or public disclosure of this data. This remains under close review, and we will let you know if this position changes.

As soon as the ICRC became aware of the incident, it took the compromised servers offline. This means that we are not currently able to access any case information or work on any cases.

The ICRC is now in the process of identifying short-term solutions to enable Red Cross and Red Crescent teams worldwide to continue providing humanitarian services for the people impacted by this incident.

Separately, Australian Red Cross is undertaking an independent review of local systems and services to ensure that they remain secure.

Together, we are working to support potentially affected clients and to further strengthen systems to prevent a similar incident from reoccurring.

We are contacting you because we have worked with you in relation to one or more of the following services:
  • Find a family member missing as a result of war, disaster or migration.
  • Send a message to a relative where there is no other means of communication.
  • Check the welfare of a relative overseas whom you are unable to reach.
  • Request documentation about an individual.
  • Monitoring conditions of immigration detention facilities.
As a result of the incident, some of the information provided by you or your loved ones during this process may have been impacted. Please speak to any loved ones who might also be impacted by this and may not be aware.
The RFL database is used by Australian Red Cross and other Red Cross and Red Crescent National Societies around the world to:
  • Help locate people missing.
  • Share and store information about RFL cases, including messages exchanged with your relatives in another country.
  • Record issues of humanitarian concern raised with us by people in immigration detention.
  • Store communications with people in immigration detention.
  • Record information about referrals we have made in relation to supports for you and your family (which were discussed with you).
The RFL database is hosted in Geneva and managed by the ICRC.

Restoring Family Links (RFL) is a global service delivered in countries around the world. Red Cross and Red Crescent societies, including Australian Red Cross, use an online system to store information about RFL cases. We do this so information is securely stored in one place, and we can communicate with our Red Cross partners in other countries when trying to find a missing loved one.

We also use this system when supporting people in immigration detention.

ICRC servers hosting the RFL database and related systems were compromised. The hackers were inside the system and had the ability to copy and export information. We do not yet know whether information entered by Australian Red Cross into the RFL database is specifically impacted. Information that may have been impacted includes correspondence and records about your case, including contact details of your loved ones if this was relevant to your case. To our knowledge the information has not been published or traded at this time, and we are closely monitoring this.

Where a third party may have access to your contact information, it is important to:

  • Change passwords – change your online passwords if you have not already done so. If you emailed yourself passwords for other accounts, change these as well. The Australian Cyber Security Centre provides guidance around good password practice.
  • Take caution – if you are suspicious of the address, contact your service provider to ensure you are logging into the correct page. Do not provide your login details.
  • Enable additional protections – set-up multi-factor authentication for your online accounts where possible and ensure you have up-to-date anti-virus software installed on any device you use to access online accounts.
  • Check links – take note of what is called a ‘Uniform Resource Locator’ or ‘URL’ when on a webpage that is asking for your login credentials. This is located in the address bar of your web browser and typically starts with ‘https://’
  • Mobile phone porting – stay alert for mobile phone carriers indicating that your phone is no longer connected to the network where this is unusual, or you have not instructed your mobile phone carrier to terminate the connection. Where this occurs, we recommend alerting your mobile phone carrier of the issue immediately.
  • Review Scamwatch guidance – you may wish to review the Australian Competition and Consumer Commission's Scamwatch guidance on protecting yourself from scams.

For further guidance about protecting your identity, you may wish to visit the Australian Cyber Security Centre’s guidance page.

We are still going through the careful process of understanding the full scope of the incident and the way that our clients are affected. We are committed to providing you with a further update as relevant information comes to light, including providing updated advice on precautionary steps you can take.

If you suffer distress, we recommend that you seek health advice from a registered health professional you know and trust.

Additional support is available for you and your loved ones, to help you address any questions or concerns about this notice and the incident. These include:

Australian Red Cross
You can call our hotline using the phone numbers listed above.

Please also check this webpage for updates over the coming days.

If you are concerned about the potential misuse of your personal information, we have arranged free support from IDCARE, Australia’s national identity and cybersecurity community support service.

Please engage an IDCARE Case Manager via IDCARE’s Get Help Web Form if you have broader identity security concerns.

Alternatively, you may visit IDCARE’s Learning Centre for further information and resources on protecting your personal information. IDCARE’s services may be accessed by providing referral code RCA-ID22 when completing its Get Help Web Form or calling 1800 595 160.

Your health care practitioner
If you suffer distress, we recommend that you seek advice from a registered health professional you know and trust. When you see your general health practitioner, they’ll assess what help you need.

Please refer to our email for more information on how these organisations can support you and your loved ones.

Charity donations of $2 or more to Australian Red Cross may be tax deductible in Australia. Site protected by Google Invisible reCAPTCHA. © Australian Red Cross 2024. ABN 50 169 561 394