Site navigation

Leaked Report Reveals United Nations Suffered Major Data Breach

Dominique Adams


COVID-19 Research

Dozens of servers at the United Nations were allegedly compromised by sophisticated hackers in what appears to be espionage operation last summer.

A confidential internal document leaked to The New Humanitarian (TNH) suggests that hackers gained unauthorised access to the United Nation’s (UN) networks in Geneva and Vienna in 2019.

Top officials at the UN kept largely quiet about the incident which put staff, other organisations and individuals at risk, according to data protection advocates. Staff were told to reset their password, but not told why.

UN tech teams were informed of the incident in an August 2019 alert that stated: “We are working under the assumption that the entire domain is compromised. The attacker doesn’t show signs of activity so far, we assume they established their position and are dormant.”

Dozens of servers were compromised during the hack. Among those affected was the human rights office and its human resources department, according to the leak.

Roughly 400GB of data is believed to have been siphoned off by the hackers, including Active Directory of users, according to the TNH.

This attack is believed to be the largest ever on the UN and the incident was described by a senior UN official as a “major meltdown”.

An internal report on the incident, supposedly seen by the Associated Press (AP), indicates the hackers exploited a Microsoft SharePoint flaw to access the UN network and spread an unknown malware.

The UN confirmed to the TNH that it had kept the breach, which has been classified as a serious incident, quiet.

“The attack resulted in a compromise of core infrastructure components,” said UN spokesperson Stéphane Dujarric.

“As the exact nature and scope of the incident could not be determined, [the UN offices in Geneva and Vienna] decided not to publicly disclose the breach.”


According to an anonymous UN official, since the incident the organisation’s systems have been reinforced. The official, who agreed to speak openly about the hack on the condition of anonymity, said the attack was very sophisticated and could be a state-backed actor due to the level of skill.

The type of malware deployed by the hackers is unknown, as is the location of the servers used to steal the data. It is also unclear how the attackers maintained presence on the network once inside.

“It’s as if someone were walking in the sand, and swept up their tracks with a broom afterward,” the official added. “There’s not even a trace of a clean-up.”

Dominique Profile Picture

Dominique Adams

Staff Writer, DIGIT

Latest News

%d bloggers like this: