Cyber Incident Victim: Norwegian Refugee Council

The Norwegian Refugee Council identified a cyberattack targeting an online database containing the personal information of thousands of its project participants. Upon discovery of the breach, immediate action was taken to suspend the affected online database. This decisive step was implemented to safeguard the personal information contained within the system and to prevent any further attacks from occurring. The organization promptly initiated an external forensic investigation to determine the full extent and impact of the cyberattack. This investigation was a critical component of the response, aimed at understanding the scope of the compromise and the specific data that was accessed. The Norwegian Refugee Council emphasized that safeguarding the data of its project participants is of paramount importance, and it strives to do everything possible to protect such sensitive information. The incident highlighted the concerning reality that the personal information of vulnerable people in need of humanitarian assistance was targeted, raising significant ethical and security concerns.

By July 18, 2023, the Norwegian Refugee Council had concluded its investigation into the data breach incident. The findings from the investigation confirmed that the cyberattack had affected a stand-alone online application dedicated to a single programme within one of the NRC's country operations. This specificity indicated that the breach was contained to a particular system and was not a network-wide compromise of the organization's global IT infrastructure. Following the conclusion of the investigation, the NRC initiated measures to address the identified vulnerabilities and mitigate future risks. These measures were part of a comprehensive effort to strengthen security protocols and prevent similar incidents from happening again. The organization's commitment to enhancing its data protection frameworks was a direct response to the lessons learned from this security event.

The Norwegian Refugee Council took concrete steps to notify and support the project participants who were affected by the data breach. Recognizing the potential distress and risk such an incident could cause to vulnerable individuals, the organization set up a dedicated hotline for people to seek further information and assistance. This support mechanism was designed to provide clarity, address concerns, and offer guidance to those whose personal data may have been exposed. Furthermore, the NRC undertook a thorough process of informing all its institutional donors about the incident. Transparency with financial partners was considered essential to maintain trust and accountability. In addition to donors, relevant local and global partners associated with the data processed in the compromised system were also informed, ensuring that all stakeholders were aware of the situation and could take any necessary precautions on their end.

The entire incident underscores the ongoing challenges faced by humanitarian organizations in protecting sensitive data in an increasingly complex digital threat landscape. The attack on a database holding the details of individuals receiving humanitarian aid represents a particularly egregious violation, as these populations are often in precarious situations. The Norwegian Refugee Council's response demonstrated a methodical approach to crisis management, beginning with containment and investigation and followed by remediation and stakeholder communication. The focus remained consistently on the well-being of the project participants and the integrity of the organization's operations. The commitment to further strengthening systems globally signals a proactive stance towards continuous improvement in cybersecurity hygiene and data protection practices, aiming to ensure that such breaches are prevented in the future.