ICRCI
Company Details
Linkedin ID:
icrc
Website:
Employees number:
12,925
Number of followers:
1,401,491
NAICS:
8135
Industry Type:
Homepage:
icrc.org
IP Addresses:
0
Company ID:
INT_1824950
Scan Status:
In-progress
International Committee of the Red Cross - ICRC Company CyberSecurity Posture
icrc.org
Established in 1863, the International Committee of the Red Cross (ICRC) works worldwide to provide humanitarian help for people affected by conflict and armed violence and to promote the laws that protect victims of war. An independent and neutral organization, its mandate stems essentially from the Geneva Conventions of 1949. It takes action in response to emergencies and promotes respect for international humanitarian law and its implementation in national law. We work closely with National Red Cross and Red Crescent Societies and with their International Federation to ensure a concerted, rational and rapid humanitarian response to the needs of the victims of armed conflict or any other situation of internal violence. Find out more about the ICRC by visiting the following links: Where we work http://www.icrc.org/en/where-we-work Working for the ICRC https://careers.icrc.org/ https://www.icrc.org/en/join-icrc-and-help-protect-lives-and-dignity Current Opportunities https://bit.ly/2GuHdZR
International Committee of the Red Cross - ICRC A.I CyberSecurity Scoring
ICRCI Risk Score (AI oriented)Between 750 and 799
ICRCI
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
ICRCI Global Score (TPRM)XXXX
ICRCI
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
ICRCI Company CyberSecurity News & History
Past Incidents
2
Attack Types
2
International Committee of the Red Cross - ICRC
Cyber Attack
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: The computer servers of the International Committee of the Red Cross were targeted by a cyber attack. The personal data and confidential information of more than 515,000 people were compromised in the attack.
International Committee of the Red Cross - ICRC
Data Leak
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The computer servers of the International Committee of the Red Cross were targeted by a cyber attack. The attack compromised personal data and confidential information on more than 515,000 highly vulnerable people. The perpetrator of this cyberattack is yet unknown to the ICRC. There are currently no signs that the hacked data has been shared publicly or leaked. The organisation declared that they are collaborating closely with their partners in aid work across the globe to comprehend the scale of the attack and implement the necessary safeguards for our data going forward.
ICRCI Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for ICRCI
Incidents vs Non-profit Organizations Industry Average (This Year)
No incidents recorded for International Committee of the Red Cross - ICRC in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for International Committee of the Red Cross - ICRC in 2025.
Incident Types ICRCI vs Non-profit Organizations Industry Avg (This Year)
No incidents recorded for International Committee of the Red Cross - ICRC in 2025.
Incident History — ICRCI (X = Date, Y = Severity)
ICRCI cyber incidents detection timeline including parent company and subsidiaries
ICRCI Company Subsidiaries
Established in 1863, the International Committee of the Red Cross (ICRC) works worldwide to provide humanitarian help for people affected by conflict and armed violence and to promote the laws that protect victims of war. An independent and neutral organization, its mandate stems essentially from the Geneva Conventions of 1949. It takes action in response to emergencies and promotes respect for international humanitarian law and its implementation in national law. We work closely with National Red Cross and Red Crescent Societies and with their International Federation to ensure a concerted, rational and rapid humanitarian response to the needs of the victims of armed conflict or any other situation of internal violence. Find out more about the ICRC by visiting the following links: Where we work http://www.icrc.org/en/where-we-work Working for the ICRC https://careers.icrc.org/ https://www.icrc.org/en/join-icrc-and-help-protect-lives-and-dignity Current Opportunities https://bit.ly/2GuHdZR
Loading...
ICRCI Similar Companies
Transport for London
Every day, we help millions of people to make journeys across London: By Tube, bus, tram, car, bike – and more. People don’t associate us with journeys by river, on foot or via the air, but we help with that, too. Getting people to where they need to go has been our business for over 100 years, and
The American Red Cross prevents and alleviates human suffering in the face of emergencies by mobilizing the power of volunteers and the generosity of donors. Each day, thousands of people – people just like you – provide compassionate care to those in need. Our network of generous donors, voluntee
The Salvation Army is the nation's largest direct provider of social services. Annually, we help millions overcome poverty, addiction, and spiritual and economic hardships by preaching the gospel of Jesus Christ and meeting human needs in His name without discrimination in nearly every zip code.
Médecins Sans Frontières (MSF)
Médecins Sans Frontières (MSF) is an international, independent, medical humanitarian organisation working to provide medical assistance to people affected by conflict, epidemics, disasters, or exclusion from healthcare. Since our founding in 1971, we’ve grown to a global movement delivering human
IEEE
IEEE is the world’s largest technical professional organization and is a public charity dedicated to advancing technological innovation and excellence for the benefit of humanity. IEEE and its members inspire a global community through its highly cited publications, conferences, technology standards
CASA DE LA FAMILIA
Casa de la Familia (CDLF) is a 501(c)(3) non-profit organization founded in 1996 by Clinical Psychologist Dr. Ana Nogales whose vision was to create an organization dedicated to ensuring long-lasting mental health success of children, youth, and families in response to psychological trauma. We prov
Goodwill Industries is all about people working. We are North America’s leading nonprofit provider of education, training, and career services for people with disadvantages, such as welfare dependency, homelessness, and lack of education or work experience, as well as those with physical, mental an
World Vision
World Vision is the largest child-focused private charity in the world. Our 33,000+ staff members working in nearly 100 countries have united with our incredible supporters to impact the lives of over 200 million vulnerable children by tackling the root causes of poverty. Through World Vision every
AIESEC
AIESEC develops leadership among youth aged 18 to 30 and contributes to strengthening the global employability market by providing an end-to-end international talent recruitment solution for Enterprises, NGOs, and Start-ups. AIESEC is the world's largest youth-run organization developing the leader
.png)
ICRCI CyberSecurity News
October 14, 2025 07:00 AM
GCF 2025: Humanitarian Voice at the Heart of Cybersecurity
Riyadh, Saudi Arabia — As cyber threats increasingly endanger civilian lives, the International Committee of the Red Cross (ICRC) joined...
October 09, 2025 07:00 AM
ICRC and Luxembourg House of Cybersecurity strengthen cooperation on cybersecurity and digital resilience for humanitarian action
At the occasion of the Cybersecurity Month and the Autumn Edition of the Cybersecurity Week Luxembourg Campaign, the International Committee...
September 23, 2025 07:00 AM
Luxembourg and ICRC sign new agreement to deepen humanitarian cooperation
On 23 September 2025, on the margins of the United Nations General Assembly, the Grand Duchy of Luxembourg and the International Committee...
July 16, 2025 07:00 AM
UN cyber diplomacy: Why civil society could be left out in future
The UN Working Group on Cyber Security (OEWG) has agreed to set up a permanent format at the UN on cyber security. However, the working group's successes have...
June 05, 2025 07:00 AM
ICRC Global Cyber Hub in Luxembourg: highlights humanitarian use of digital tech at Luxembourg’s first GRC Summit
The ICRC highlighted the humanitarian application of digital technologies, emphasizing responsible innovation and risk management in conflict-affected areas.
June 03, 2025 07:00 AM
Cybersecurity for Nonprofits in the Age of AI-Based Attacks
As cyber threats continue to evolve, nonprofits must prioritize cybersecurity to protect their missions and the communities they serve.
February 25, 2025 08:00 AM
One Year On: Are the ICRC’s Principles for Civilian Hackers Shaping the Laws of War?
by Samuel White | Feb 25, 2025. Hackers. In October 2023, the International Committee of the Red Cross (ICRC) laid down a stark warning: cyber warfare must...
February 11, 2025 08:00 AM
At the Intersection of Humanitarian Action and Cyberspace
Cybersecurity and data protection in humanitarian action can't be accomplished by the humanitarian sector alone – it requires cross-sectoral and...
November 01, 2024 07:00 AM
How archives counter misinformation and help field operations in times of war: the case of the International Committee of the Red Cross - Cross-Files | ICRC Archives, audiovisual and library
Misinformation, « fake news », and cybersecurity issues constitute severe threats to organizations like the International Committee of the...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
ICRCI CyberSecurity History Information
Official Website of International Committee of the Red Cross - ICRC
The official website of International Committee of the Red Cross - ICRC is https://careers.icrc.org/.
International Committee of the Red Cross - ICRC’s AI-Generated Cybersecurity Score
According to Rankiteo, International Committee of the Red Cross - ICRC’s AI-generated cybersecurity score is 772, reflecting their Fair security posture.
How many security badges does International Committee of the Red Cross - ICRC’ have ?
According to Rankiteo, International Committee of the Red Cross - ICRC currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does International Committee of the Red Cross - ICRC have SOC 2 Type 1 certification ?
According to Rankiteo, International Committee of the Red Cross - ICRC is not certified under SOC 2 Type 1.
Does International Committee of the Red Cross - ICRC have SOC 2 Type 2 certification ?
According to Rankiteo, International Committee of the Red Cross - ICRC does not hold a SOC 2 Type 2 certification.
Does International Committee of the Red Cross - ICRC comply with GDPR ?
According to Rankiteo, International Committee of the Red Cross - ICRC is not listed as GDPR compliant.
Does International Committee of the Red Cross - ICRC have PCI DSS certification ?
According to Rankiteo, International Committee of the Red Cross - ICRC does not currently maintain PCI DSS compliance.
Does International Committee of the Red Cross - ICRC comply with HIPAA ?
According to Rankiteo, International Committee of the Red Cross - ICRC is not compliant with HIPAA regulations.
Does International Committee of the Red Cross - ICRC have ISO 27001 certification ?
According to Rankiteo,International Committee of the Red Cross - ICRC is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of International Committee of the Red Cross - ICRC
International Committee of the Red Cross - ICRC operates primarily in the Non-profit Organizations industry.
Number of Employees at International Committee of the Red Cross - ICRC
International Committee of the Red Cross - ICRC employs approximately 12,925 people worldwide.
Subsidiaries Owned by International Committee of the Red Cross - ICRC
International Committee of the Red Cross - ICRC presently has no subsidiaries across any sectors.
International Committee of the Red Cross - ICRC’s LinkedIn Followers
International Committee of the Red Cross - ICRC’s official LinkedIn profile has approximately 1,401,491 followers.
NAICS Classification of International Committee of the Red Cross - ICRC
International Committee of the Red Cross - ICRC is classified under the NAICS code 8135, which corresponds to Others.
International Committee of the Red Cross - ICRC’s Presence on Crunchbase
No, International Committee of the Red Cross - ICRC does not have a profile on Crunchbase.
International Committee of the Red Cross - ICRC’s Presence on LinkedIn
Yes, International Committee of the Red Cross - ICRC maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/icrc.
Cybersecurity Incidents Involving International Committee of the Red Cross - ICRC
As of November 27, 2025, Rankiteo reports that International Committee of the Red Cross - ICRC has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
International Committee of the Red Cross - ICRC has an estimated 20,200 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at International Committee of the Red Cross - ICRC ?
Incident Types: The types of cybersecurity incidents that have occurred include Data Leak and Cyber Attack.
Incident Details
Can you provide details on each incident ?
Title: Cyber Attack on International Committee of the Red Cross
Description: The computer servers of the International Committee of the Red Cross were targeted by a cyber attack. The personal data and confidential information of more than 515,000 people were compromised in the attack.
Type: Data Breach
Title: ICRC Cyber Attack
Description: The computer servers of the International Committee of the Red Cross (ICRC) were targeted by a cyber attack, compromising personal data and confidential information on more than 515,000 highly vulnerable people. The perpetrator of this attack is unknown. There are no signs that the hacked data has been shared publicly or leaked. The ICRC is working with partners to understand the scale of the attack and implement necessary safeguards.
Type: Data Breach
Threat Actor: Unknown
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach INT161413222
Data Compromised: Personal data, Confidential information
Systems Affected: Computer servers
Incident : Data Breach INT14030723
Data Compromised: Personal data, Confidential information
Systems Affected: Computer servers
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Data, Confidential Information, , Personal Data, Confidential Information and .
Which entities were affected by each incident ?
Incident : Data Breach INT161413222
Entity Name: International Committee of the Red Cross
Entity Type: Non-profit Organization
Industry: Humanitarian
Customers Affected: 515000
Incident : Data Breach INT14030723
Entity Name: International Committee of the Red Cross
Entity Type: Non-profit Organization
Industry: Humanitarian Aid
Customers Affected: 515000
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach INT161413222
Type of Data Compromised: Personal data, Confidential information
Number of Records Exposed: 515000
Incident : Data Breach INT14030723
Type of Data Compromised: Personal data, Confidential information
Number of Records Exposed: 515000
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Unknown.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Personal data, Confidential information, , Personal data, Confidential information and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Computer servers and Computer servers.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Confidential information and Personal data.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 1.0K.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=icrc' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
