A cyber-attack targeting the World Food Program has exposed sensitive personal information belonging to some 600,000 households in Gaza, the UN’s food agency has confirmed, in what may be the largest-known breach of humanitarian beneficiary data to date. WFP is investigating a “security-related incident” in which “unauthorized actors” accessed personal information submitted by Palestinians in Gaza, the agency said in a statement sent to aid recipients via Telegram on May 31. The exposed information included names, ID and mobile numbers, and location data, the statement said.
WFP confirmed the data breach on June 2. “WFP recently detected unauthorized access of its self-registration application (SRA) for Palestine, where individuals are able to register to receive food and cash assistance after verification,” a spokesperson said in a statement responding to questions from The New Humanitarian. “WFP took immediate action to shut down the platform, contain the intrusion, and strengthen its security controls to prevent further exposure.”
More than 2 million people in Gaza have submitted their personal information to WFP’s self-registration application, known as People Portal, which the WFP credits for cutting registration red tape and response times. The spokesperson said the compromised data is “isolated to the SRA application used only in Palestine.”
An investigation is under way, and no party has claimed responsibility, WFP said.
WFP said the cyber-attack occurred on May 14. The Telegram message to affected Gazans was sent 17 days later.
Digital security experts say aid groups are increasingly the target of sophisticated hacks and cyber-attacks. In one of the largest previously known breaches of humanitarian data, sensitive personal information belonging to 515,000 people was exposed in a 2022 hack targeting the International Committee of the Red Cross. The following year, the Norwegian Refugee Council said a cyber-attack hit a database containing info on thousands of project participants in one country. In the past, the UN has also come under fire for failing to disclosecyber-attacks.
From The New Humanitarian, June 2, excerpt.
Photo: Mohammed Nateel/UNICEF via UN News
