Engadget: UN confirms it suffered a 'serious' data hack, including sensitive employee data, but didn't inform employees

Credit: The Next Web

The United Nations was the victim of a massive, likely state-sponsored hacker attack this past summer, according to reports from The New Humanitarian and Associated Press. To make matters worse, the organization didn't disclose the details and severity of the hack until those publications obtained an internal document on the situation.

The hackers reportedly downloaded approximately 400GB of data. The servers they breached contained sensitive employee information, but it's not clear exactly what they were able to download. The UN doesn't know the full extent of all the damage yet. Sometime after the attack happened, it told employees to change their passwords but didn't share full details on the situation.

This isn't the first time the UN has failed to disclose a cyberattack. In 2016, Emissary Panda, a group with ties to the Chinese government, accessed servers from the International Civil Aviation Organization. The UN only shared information about the breach after the Canadian Broadcasting Corporation reported on it. According to The New Humanitarian, the UN's unique diplomatic status means it doesn't have to disclose data breaches like other government agencies in the US and EU, something that puts it at odds with cybersecurity best practices.

Read the article in Engadget


The breach reportedly began in July 2019, though United Nations employees were not made aware of the strike until the end of August.

The New Humanitarian says 20 machines had to be completely rebuilt and U.N. staff had to work a number of overtime hours to isolate the data. One employee described the breach to The New Humanitarian as a “major meltdown.”

One alert received by employees said, “We are working under the assumption that the entire domain is compromised. The attacker doesn't show signs of activity so far, we assume they established their position and are dormant.”

Dozens of servers, including those of the human rights wing and the human resources department, which contains confidential staff information, were reportedly compromised in the breach. The report says that the U.N. did not publicly disclose the breach or inform the staff of the hack. Staff were asked to change their passwords.
