According to recent reports, the UN decided not to publicly disclose that its IT systems were targeted by a major hack in late August 2019.
It was recently uncovered that the UN suffered a major hacking attack in August 2019; however, it decided not to reveal the incident to the public. Reports say that its IT systems in Europe were under attack and that the Geneva offices issued an alert about the incident.
The UN doesn’t have to report a major data breach to anyone. It didn’t. https://t.co/3VxofEP7Yi
— The New Humanitarian (formerly IRIN News) (@newhumanitarian) January 29, 2020
The UN alerted its tech teams with the warning that it is best to assume that the entire domain is compromised, and the hacker is presumed to be in position and dormant. The breach is now considered to be one of the largest breaches of the world body in history.
The attack allegedly started in mid-July, and the UN spent the following months determining the damage. The decision was made to remain quiet regarding the breach, as the nature and scope of the incident were unknown. The UN did take some precautions, requesting that all passwords be changed, but it did not notify its staff of the breach, or tell them that their personal data may be compromised.
So far, it is known that dozens of servers in three locations were affected. That includes the UN Office at Geneva, the UN Office at Vienna, and the UN Office of the High Commissioner for Human Rights (OHCHR) headquarters, also located in Geneva. It is known that a wide range of data was held on the affected servers, but it remains unknown what exactly was taken.
However, some estimates say that around 400 GB of data was downloaded during the attack.
Known Hack Details
The identity of the attacker remains unknown as well, but the researchers noted that the attack has the hallmarks of a ‘sophisticated threat actor.’ Of course, the UN has faced hacking attacks countless times, and its defenses have usually managed to hold.
Now, however, the UN’s defenses have been breached, and many have noted that it is surprising and disappointing for such a massive organization that collects such sensitive data to make itself vulnerable.
Worse still, they decided to keep quiet about the attack, preventing affected individuals and organizations from tightening their own security in order to protect themselves from similar attacks. The UN’s own report called ‘The right to privacy in the digital age’ states that enterprises should notify their customers as quickly as possible after identifying the breach. And yet, the UN itself decided not to do so, thus breaking its own rules.