UN ‘covered up’ serious data breach affecting thousands of workers

Thousands of employees hit by likely state-sponsored attack

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The United Nations fell victim to a massivecyberattackin July, but informed neither the public nor the employees affected. It is believed the attack was state-sponsored, but the identity of the hackers is unknown.

The incident, which came to light after a confidential document was leaked to The New Humanitarian, could have affected the data of up to 4,000 UN employees. Staff records, health insurance and commercial contract data were compromised in the breach.

Hackers gained access via a flaw inMicrosoft SharePointand used sophisticated malware to scrape dozens of UN servers across three of its European offices. It is thought the incident could have been avoided with a simple software patch.

The attack is among the largest ever encountered by the intergovernmental organisation.

Cover-up

Cover-up

Under diplomatic immunity, the UN does not have to report what information the hackers gained access to, nor notify the affected staff. When the breach was discovered in September, employees were advised to change their passwords but not informed of the reason.

“The attack resulted in a compromise of core infrastructure components,” said UN spokesperson Stéphane Dujarric. “As the exact nature and scope of the incident could not be determined, [the UN] decided not to publicly disclose the breach.”

Asked whether the vulnerability has yet been rectified, Dujarric said “multiple workshops and assessments have been conducted to verify that the exploited vulnerabilities have been mitigated.”

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The damage to trust in the international institution may take longer to repair.

ViaThe New Humanitarian

Joel Khalili is the News and Features Editor at TechRadar Pro, covering cybersecurity, data privacy, cloud, AI, blockchain, internet infrastructure, 5G, data storage and computing. He’s responsible for curating our news content, as well as commissioning and producing features on the technologies that are transforming the way the world does business.

Rising AI threats are making firms turn back to human intelligence

Thousands of employees could be falling victim to obvious phishing scams every month

Google Pixel Watch 2 plunges back down to lowest-ever price ahead of Black Friday