P2022-ND-083

To participate in the RFL program and provide this assistance, the Organization collects and inputs personal information into the international RFL system. This system is managed by ICRC and stored by ICRC?s external data centre service providers. On January 19, 2022, the Organization was advised by ICRC that the RFL system was the subject of a cyber security incident starting on November 2, 2021. ICRC indicated to the Organization that it has no immediate indications as to who carried out this attack, if the perpetrator had any particular intention, or the technical methodology used by the attacker. ICRC also confirmed to the Organization that, while there is evidence that information on the RFL system was accessed, this was not a ransomware attack. Based on its investigation thus far, ICRC believes that, information contained in the RFL system has not been tampered with, lost, deleted, published or traded.