The New Humanitarian reports:
A cyber-attack targeting the World Food Programme has exposed sensitive personal information belonging to some 600,000 households in Gaza, the UN’s food agency has confirmed, in what may be the largest-known breach of humanitarian beneficiary data to date.
WFP is investigating a “security-related incident” in which “unauthorised actors” accessed personal information submitted by Palestinians in Gaza, the agency said in a statement sent to aid recipients via Telegram on 31 May.
The exposed information included names, ID and mobile numbers, and location data, the statement said.
WFP confirmed the data breach on 2 June: “WFP recently detected unauthorized access of its self-registration application (SRA) for Palestine, where individuals are able to register to receive food and cash assistance after verification,” a spokesperson said in a statement responding to questions from The New Humanitarian. “WFP took immediate action to shut down the platform, contain the intrusion, and strengthen its security controls to prevent further exposure.”
More than 2 million people in Gaza have submitted their personal information to WFP’s self-registration application, known as People Portal, which the WFP credits for cutting registration red tape and response times. The spokesperson said the compromised data is “isolated to the SRA application used only in Palestine”.
An investigation is under way, and no party has claimed responsibility, WFP said.
WFP said the cyber-attack occurred on 14 May. The Telegram message to affected Gazans was sent 17 days later.
Read more at The New Humanitarian.
