Data Breach at UN City Copenhagen possibly affecting staff and former staff

Shared by an anonymous former staff member

Staff and former staff of UNDP and agencies whose personnel data is managed by UN City in Copenhagen have begun receiving the letter below.  Note below the contact for the UNDP Privacy Team, if you have any concerns.

"Dear ........

We are writing to inform you of an event that may have impacted the privacy of some of your information. We are providing you with this letter as a precaution to inform you of the event, our response, and steps you may take to protect your information, should you feel it is necessary to do so.

What happened. On 27 March 2024, UNDP became aware of online claims that one of our computer systems had been attacked. As part of our commitment to the information security and privacy of our personnel, partners, and beneficiaries, we immediately activated our incident response team to investigate the claims. Through an investigation conducted by specialists, we learned that an unknown actor gained access to a locally hosted server in UN City in Copenhagen and copied certain information from those systems. We are notifying you because your information was contained in files that were copied.

What Information Was Involved?  The information contained within the files concerned your personally identifiable information including your name, date of birth and social security number. Bearing in mind the data involved, we consider that the consequence of this incident has potential risks for you typically associated with identity theft and fraud. However, we currently have no evidence of actual or attempted misuse of your information.

What we are doing. The confidentiality, privacy, and security of information within our care is among UNDP’s highest priorities. Upon learning of the event, we took immediate steps to secure our environment and investigate the activity. We commenced an investigation that includes working with an internal and external team of specialists to understand the nature and scope of the event. As part of our ongoing commitment to the security of information, we are also reviewing and further strengthening existing our systems setup, policies and procedures.

What you can do. We encourage you to remain vigilant against incidents of identity theft and fraud and to review your account statements and monitor your credit reports (if available) for suspicious activity and to detect errors.

More information. If you have any questions or concerns, please contact our privacy team at privacy@undp.org. We appreciate your patience and understanding as we work to quickly resolve this matter.

Sincerely, UNDP Privacy team."