Photo: Kaga Tau (CC BY-SA 4.0)
The United Nations, the World Food Program (WFP), which is the world’s largest humanitarian organization, revealed at the weekend that its request to register Palestine (SRA) has been violated.
The WFP disclosed the incident in a Sunday Telegram message, saying that the registration application used to register aid in Gaza had been breached.
During the breach, the attackers gained access to the personal data of beneficiaries across the Gaza Strip, including the names of affected individuals, social security numbers, phone numbers, and location information (such as location data recorded during registration).
“You do not need to update, delete, or re-register your information. Once registered, you will remain part of WFP’s assistance programs. Food, cash and other assistance will continue as usual, and you will continue to receive assistance,” the organization said. “The Registration Platform (SRA) has been temporarily suspended for urgent security and system protection improvements. The system is currently investigating the incident and continues to monitor the situation.”
In an update on Tuesday, WFP added that the registration platform was temporarily down while it continued to strengthen security measures.
Although the charity has yet to publicly disclose the number of people whose information was stolen in this incident, WFP said in a statement shared with The New Humanitarian that the attackers breached their plans on May 14 and that they stole personal information from about 600,000 Palestinian homes in Gaza.
Over the weekend, WFP also warned Palestinian beneficiaries to “beware of anyone claiming to be the World Food Program and asking for information or money” and not to click or open any suspicious links or messages.
A spokesperson for the World Food Program could not be reached for comment when contacted by BleepingComputer earlier today for more information.
WFP was founded in 1961 and is based in Rome, Italy, WFP is a UN agency funded by donations from governments, organizations, and private donors, and works to fight global hunger and provide emergency food during humanitarian crises.
WFP has more than 20,000 staff in more than 120 countries and territories and operates the largest humanitarian network in the world, with 5,000 trucks, 20 ships, and up to 80 aircraft delivering emergency aid at any given time.
By 2024, it provided $2.82 billion in financial aid and delivered nearly 2.5 million tons of food to millions of people around the world.
This is not the first data breach to affect the United Nations agency in recent years. For example, the United Nations itself failed to disclose the cyberattack that affected its offices in Geneva in August 2019, and five years ago, the UN’s Environmental Program (UNEP) disclosed the personally identifiable information (PII) of more than 100,000 employees.
Recently, in 2024, the 8Base ransomware attack attacked the UN Development Program (UNDP), and the attackers stole about 42,000 records from the recruitment database belonging to the UN International Civil Aviation Organization (ICAO).
Security teams penetrate 54% of successful attacks and monitor 14%. Some walk around the area without being seen.
The Picus white paper shows how breaches and attack simulations evaluate your SIEM and EDR rules so that threats stop slipping through detection.
Get a white paper
