BianLian, previously known as a ransomware gang but more recently known for not bothering with encryption but just hacking and exfiltrating data, has reportedly attacked Save the Children, a well-known non-profit.
While BianLian did not name the charity (they obfuscate their victims’ names while they are still hoping to get paid), their description of the charity matches Save the Children’s description. The criminals claim to have exfiltrated 6.8TB of files that include human relations (personnel) files, personal data, and financial records. They also claim to have medical and health data and email messages. Whether the medical/health data is from employees or from children they have served is not clear. All of the data is described as international — from the U.S., U.K., and other countries.
In a statement to Tech Monitor, Save the Children confirmed that it had suffered a breach but stated that no operations were disrupted. “We are working hard with external specialists to understand what happened and what data was impacted, so we can take all the appropriate next steps. Our systems are also secured, and we are confident in the ongoing integrity of our IT infrastructure,” they informed them.
There does not appear to be any notice on Save the Children’s website at this time.