Ransomware gang steals 6.8TB of data from Save The Children

Ransomware gang BianLian has claimed responsibility for a cyber attack against nonprofit Save The Children International.

The ransomware gang has been active since June 2022, and primarily targets critical infrastructure and healthcare organizations. In previous attacks, BianLian has extorted these organizations for their data.

While the charity was not directly named by the ransomware gang, in a post on its dark web data leaks site, BianLian identified the charity as being “the world’s leading nonprofit”, and said that the nonprofit makes US$2.8 billion in revenues and operates in 116 countries. This information has led to the suggestion that Save The Children was the nonprofit targeted in the cyber attack. The charity itself later confirmed that it had been the victim of a data breach in a statement to news site The Register.

According to the ransomware gang, it was able to steal more than 6.8TB of data from the charity, which includes a large range of both business and personal data. The data allegedly stolen includes 800GB of financial records, as well as email messages, international HR files and personal data including medical and health data.

Regarding the cyber security incident, a Save The Children spokesperson told The Register: “Save the Children International recently experienced an IT incident involving unauthorized access to part of our network. There has been no operational disruption and the organization continues to function as normal to build a better future for children across the world. We are working hard with external specialists to understand what happened and what data was impacted so we can take all the appropriate next steps. This process is complex and takes time, but remains our absolute priority.” 

The charity said it had secured its systems following the data breach, and that it is “confident in the ongoing integrity of our IT infrastructure”.  

The nonprofit made a point to mention that while cyber security incidents are “a reality that all organizations face”, the charity is disappointed that “Save the Children, whose core purpose is to help those most in need, is also subject to such unwarranted activity”. 

An investigation into the cyber attack is ongoing, with Save The Children promising that it will work with relevant authorities and “get to the bottom of this”. The nonprofit went on to thank all its staff and supporters for their patience and understanding in the wake of the cyber attack.