Cyberattack on Norwegian Refugee Council online database

Published 13. Jul 2023

Update as of 18 July 2023: NRC has concluded the investigation on the data breach incident and initiated measures to address vulnerabilities and mitigate risks. The cyber-attack was confirmed to have affected a stand-alone online application for a single programme in one NRC country operation. We have taken steps to notify and support affected project participants including by setting up a hotline for people to seek further information. We have informed all NRC institutional donors, as well as relevant local and global partners related to the data processed in the system. We remain committed to safeguarding the data of our project participants and ensuring further strengthening of our systems globally.

The Norwegian Refugee Council (NRC) recently identified a cyberattack on an online database containing the personal information of thousands of project participants. As soon as we became aware of this breach, we took immediate action to suspend the online database in order to safeguard the personal information and prevent further attacks.  We have initiated an external forensic investigation to determine the extent and impact of the cyberattack. Further measures will be taken to enhance the security of the data and support those who may be affected. Safeguarding the data of our project participants is of paramount importance to us, and we strive to do everything possible to protect it. The personal information of vulnerable people in need of humanitarian assistance must never be targeted.