Incident: Cyber-Attack on ICRC Data Storage System Impacts Vulnerable Individuals

Published Date: 2022-01-19

Postmortem Analysis
Timeline:
1. The software failure incident, a cyber-attack on the International Committee of the Red Cross, happened this week as mentioned in the article [123251].
2. Published on 2022-01-19 08:00:00+00:00.
3. The incident likely occurred in January 2022.

System:
1. Computer servers hosting information held by the International Committee of the Red Cross (ICRC) [Article 123251]
2. External company in Switzerland that the ICRC contracts to store data [Article 123251]

Responsible Organization:
1. Hackers targeted an external company in Switzerland that the ICRC contracts to store data, leading to the cyber-attack on the ICRC [Article 123251].

Impacted Organization:
1. The International Committee of the Red Cross (ICRC) [Article 123251]

Software Causes:
1. The software cause of the failure incident was a cyber-attack that targeted the computer servers hosting information held by the International Committee of the Red Cross (ICRC) [123251].

Non-software Causes:
1. The cyber-attack was a result of hackers targeting an external company in Switzerland that the ICRC contracts to store data [123251].
2. The attack compromised personal data and confidential information on more than 515,000 highly vulnerable people, originating from at least 60 Red Cross and Red Crescent national societies around the world [123251].

Impacts:
1. The software failure incident resulted in the compromise of personal data and confidential information of more than 515,000 highly vulnerable people, including those separated from their families due to conflict, migration, and disaster [Article 123251].
2. The attack forced the International Committee of the Red Cross (ICRC) to shut down the computer systems supporting its Restoring Family Links program, which aims to reunite family members separated by conflict, disaster, or migration [Article 123251].

Preventions:
1. Implementing robust cybersecurity measures such as regular security audits, penetration testing, and intrusion detection systems could have potentially prevented the cyber-attack on the ICRC's data [123251].
2. Ensuring proper vetting and security protocols for external companies that handle sensitive data could have helped in preventing such breaches [123251].
3. Educating employees and stakeholders on cybersecurity best practices, including phishing awareness and data protection protocols, could have enhanced the overall security posture of the organization [123251].

Fixes:
1. Enhancing cybersecurity measures to prevent future cyber-attacks like the one experienced by the International Committee of the Red Cross [Article 123251].

References:
1. International Committee of the Red Cross (ICRC) [Article 123251]
2. ICRC director general, Robert Mardini [Article 123251]

Software Taxonomy of Faults

Category | Option | Rationale
Recurring | one_organization | (a) The software failure incident has happened again at one_organization: The International Committee of the Red Cross (ICRC) experienced a cyber-attack where hackers seized the data of over 515,000 vulnerable individuals. This incident led to the compromise of personal data and confidential information, impacting people separated from their families due to conflict, migration, and disaster, among others. The attack targeted an external company in Switzerland that the ICRC contracts to store data, resulting in the shutdown of computer systems supporting the Restoring Family Links program [123251]. (b) The software failure incident has happened again at multiple_organization: There is no specific mention in the provided article about similar incidents happening at other organizations or with their products and services.
Phase (Design/Operation) | design, operation | (a) The software failure incident in Article 123251 can be attributed to the design phase. The cyber-attack on the International Committee of the Red Cross (ICRC) was a result of hackers targeting an external company in Switzerland that the ICRC contracts to store data. This indicates a failure in the design or security measures implemented during the system development or data storage procedures [123251]. (b) Additionally, the incident can also be linked to the operation phase. The attack compromised personal data and confidential information on more than 515,000 highly vulnerable people, indicating a failure in the operation or misuse of the system that led to the breach [123251].
Boundary (Internal/External) | within_system, outside_system | (a) within_system: The software failure incident in this case was caused by a cyber-attack on the computer servers hosting information held by the International Committee of the Red Cross (ICRC) [123251]. The attack compromised personal data and confidential information on more than 515,000 highly vulnerable people. The ICRC had to shut down its computer systems underpinning its Restoring Family Links programme as a result of the attack [123251]. (b) outside_system: The contributing factor that originated from outside the system was the cyber-attack carried out by hackers targeting an external company in Switzerland that the ICRC contracts to store data. The attack compromised the data of vulnerable individuals from at least 60 Red Cross and Red Crescent national societies around the world [123251].
Nature (Human/Non-human) | human_actions | (a) The software failure incident in this case was not directly attributed to non-human actions. It was a cyber-attack carried out by hackers who targeted an external company in Switzerland that the ICRC contracts to store data [123251]. (b) The failure in this incident was primarily due to human actions, specifically the actions of hackers who conducted a cyber-attack on the ICRC's computer servers, compromising personal data and confidential information of over 515,000 vulnerable individuals [123251].
Dimension (Hardware/Software) | software | (a) The software failure incident in this case does not seem to be related to hardware issues. The incident was a cyber-attack where hackers targeted computer servers hosting information of the International Committee of the Red Cross (ICRC) [123251]. This attack compromised personal data and confidential information of over 515,000 highly vulnerable individuals. There is no mention of any hardware failure contributing to this incident. (b) The software failure incident is directly related to software issues. The cyber-attack on the ICRC's computer servers resulted in the compromise of personal data and confidential information. The attack led to the shutdown of the computer systems supporting the ICRC's Restoring Family Links program, which aims to reunite family members separated by conflict, disaster, or migration [123251]. This incident is a clear example of a software failure caused by external factors, in this case, a cyber-attack.
Objective (Malicious/Non-malicious) | malicious | (a) The software failure incident in this case is malicious. Hackers carried out a sophisticated cyber-attack against the International Committee of the Red Cross, compromising personal data and confidential information of over 515,000 highly vulnerable people. The attack was aimed at seizing data from individuals separated from their families due to conflict, migration, and disaster, as well as missing persons and people in detention. The ICRC expressed concerns about the potential risks that come with this breach, emphasizing the harm that could be caused to those already in need of humanitarian services [Article 123251].
Intent (Poor/Accidental Decisions) | unknown | The software failure incident reported in Article 123251 was a cyber-attack on the International Committee of the Red Cross (ICRC) resulting in the compromise of personal data and confidential information of over 515,000 highly vulnerable individuals. The incident was not attributed to poor decisions or accidental decisions within the ICRC but rather to external hackers who targeted an external company in Switzerland that the ICRC contracts to store data. The attack was described as a sophisticated cybersecurity attack, indicating a deliberate and malicious intent by the hackers rather than a failure stemming from internal poor or accidental decisions made by the ICRC [123251].
Capability (Incompetence/Accidental) | accidental | (a) The software failure incident in Article 123251 was not attributed to development incompetence. The incident was a cyber-attack on the International Committee of the Red Cross, where hackers seized the data of over 515,000 vulnerable individuals. The attack compromised personal data and confidential information stored by an external company contracted by the ICRC, leading to concerns about the potential risks for the affected individuals [123251]. (b) The software failure incident in Article 123251 was accidental. It was a result of a sophisticated cybersecurity attack by hackers targeting an external company in Switzerland that stored data for the ICRC. The attack led to the compromise of personal data and confidential information of more than 515,000 highly vulnerable individuals, including those separated from their families due to conflicts, migration, and disasters [123251].
Duration | temporary | (a) The software failure incident in this case seems to be temporary rather than permanent. The incident was a result of a cyber-attack where hackers seized data from the International Committee of the Red Cross (ICRC) servers. The ICRC had to shut down its computer systems underpinning its Restoring Family Links programme as a response to the attack. This indicates that the failure was due to specific circumstances (the cyber-attack) rather than being a permanent failure [Article 123251].
Behaviour | crash | (a) crash: The software failure incident in Article 123251 resulted in a crash as the International Committee of the Red Cross had to shut down its computer systems underpinning its Restoring Family Links programme due to the cyber-attack [123251]. (b) omission: The software failure incident in Article 123251 did not involve omission as the attack compromised personal data and confidential information on more than 515,000 highly vulnerable people, indicating that the system was actively accessed by the hackers [123251]. (c) timing: The software failure incident in Article 123251 did not involve timing issues as there was no mention of the system performing its intended functions too late or too early [123251]. (d) value: The software failure incident in Article 123251 did not involve value issues as there was no mention of the system performing its intended functions incorrectly [123251]. (e) byzantine: The software failure incident in Article 123251 did not involve byzantine behavior as there was no mention of inconsistent responses or interactions by the system [123251]. (f) other: The software failure incident in Article 123251 did not exhibit any other specific behavior beyond the crash and compromise of data mentioned in the article [123251].

IoT System Layer

Layer | Option | Rationale
Perception | None | None
Communication | None | None
Application | None | None

Other Details

Category | Option | Rationale
Consequence | property, theoretical_consequence | (d) property: People's material goods, money, or data was impacted due to the software failure. The software failure incident involving a cyber-attack on the International Committee of the Red Cross resulted in hackers seizing the data of more than 515,000 highly vulnerable individuals, including personal data and confidential information. The compromised data included information on people separated from their families due to conflict, migration, and disaster, missing persons and their families, and people in detention. The attack targeted an external company in Switzerland that the ICRC contracts to store data, originating from at least 60 Red Cross and Red Crescent national societies around the world. The ICRC expressed concerns about the potential risks that come with this breach, emphasizing the importance of safeguarding the confidential information to prevent further harm and pain to those who have already endured suffering [Article 123251].
Domain | information | (a) The failed system was intended to support the industry of information, specifically in the context of the International Committee of the Red Cross (ICRC) being the victim of a cyber-attack that compromised personal data and confidential information of over 515,000 highly vulnerable people [123251]. The attack targeted computer servers hosting information held by the ICRC, which is involved in humanitarian efforts and data management related to conflict, migration, disaster, missing persons, and people in detention.