The hack has forced the Red Cross to shut down IT systems that support a program that reunites families separated by conflict, migration or disaster, the humanitarian organization said.
It is unclear who was responsible for the cyber incident, but the Red Cross said its "most pressing concern" was the potential for the compromised data to be leaked. There is no indication that this has happened yet, according to the Red Cross.
"We are all shocked and confused that this humanitarian information would be targeted and compromised," ICRC Director General Robert Mardini said in a statement.
The hack hit a Swiss-based company that the Red Cross pays to store its data, the humanitarian organization said without mentioning the company. The compromised data came from at least 60 of the "national communities" or networks of volunteers and staff around the world that the Red Cross uses as first aiders for disasters.
"As a first step, we will work with most concerned ICRC delegations and Red Cross and Red Crescent Societies on the ground to find ways to inform individuals and families whose data may have been compromised, what steps are being taken to protect their data and the risks they may face, "Red Cross spokeswoman Elizabeth Shaw told CNN in an email.
Shaw said ransomware was not involved in the incident and that the Red Cross was working with "highly specialized" cybersecurity firms to respond to the hack.
Lukasz Olejnik, a former cyber warfare adviser at the Red Cross headquarters in Geneva, told CNN that the incident "appears to be the largest and most sensitive breach in ICRC history and probably given the sensitivity of all humanitarian organizations to date."
The Red Cross should consider asking governments that are parties to the Geneva Conventions for help in overcoming the hack, Olejnik, who is an independent cybersecurity consultant, told CNN.