Save the Children appears to have been hacked by the Chinese data extortion gang BianLian, according to data posted to the latter’s victim blog. Though it does not mention the charity by name, the cybercrime organisation claims to have stolen up to 8GB of files from an international NGO “employing over 25,000 staff and operating in 116 countries”, a description experts have said fits the profile of Save the Children.
Founded in 1919 with the goal of protecting and educating children around the world, as of last year Save the Children International and its supporters had an annual income of $2.5bn. The data BianLian claims to have stolen from the charity includes personal, finance and medical information belonging to its staff, along with internal email correspondence. None of this has yet been published by the gang, and no ransom demand has been publicly made.
Save the Children confirmed that an outside party had obtained unauthorised access to part of its network, though it stressed that there had been no operational disruption as a result. “We are working hard with external specialists to understand what happened and what data was impacted, so we can take all the appropriate next steps,” a spokesperson told Tech Monitor. “Our systems are also secured, and we are confident in the ongoing integrity of our IT infrastructure.”
If proven, this would be the third time in recent years that Save the Children has fallen prey to cybercriminals. In 2020, the charity admitted that the giving history and contact information of some of its supporters were stolen during a breach of one of its vendors. In 2017, meanwhile, the NGO was conned out of almost $1m as part of a phishing scam.
Who is BianLian?
The origins of BianLian remain obscure. According to the US Cybersecurity and Infrastructure Security Agency, the gang has been targeting hospitals and critical national infrastructure in Europe, the US and Australia since at least June 2022.
At the beginning of this year, the gang is understood to have switched from ransomware attacks to simple data extortion. Previous victims have included St. Rose Hospital in California, which saw 1.7TB of its patients’ data stolen in January, and the Murfreesboro Medical Clinic in Tennessee, which in July saw the private medical information of some 559,000 people exposed.
Data extortion is proving increasingly common among cybercriminal gangs, Picus Security’s Hüseyin Can Yuceel told Tech Monitor in May. “Although these attacks do not leverage the power of cryptographic encryption algorithms, they still pose significant risks to organisations,” he explained.
Save the Children told Tech Monitor that its investigation into the breach is ongoing. “These types of incidents are a reality that all organisations face, but it is disappointing that Save the Children, whose core purpose is to help those most in need, is also subject to such unwarranted activity,” the charity’s spokesperson said. “We will get to the bottom of this, and we thank all our staff and supporters for their patience and understanding in the meantime.”