UN confirms hack, but says no sensitive data compromised
The UN confirmed a report Wednesday that it had suffered a cyberattack last year, including at its rights agency, but insisted the hackers had not accessed any sensitive information.
The New Humanitarian agency reported Wednesday that it had obtained a confidential UN report detailing how hackers broke into dozens of UN servers in Geneva and Vienna starting last July.
The group described the attack as “one of the largest ever known to have affected the world body”, and warned it raised serious data safety concerns.
The UN Office of the High Commissioner for Human Rights (OHCHR), which collects highly sensitive data about victims and perpetrators of rights abuses around the world, was among the hacking victims.
UN spokesman Stephane Dujarric confirmed to reporters in New York the UN had been the target of a cyber attack “in the middle of last year”, stressing that “the damage related to the specific attack has been contained and additional measures implemented.”
He downplayed the importance of the attack, stressing that “the UN responds to multiple attacks at various levels of sophistication on a daily basis.”
“This particular attack is not a landmark event.”
The rights agency meanwhile acknowledged Wednesday that some of its servers had been targeted in the attack.
But it insisted that “although hackers accessed a self-contained part of our system in July 2019, the development servers they accessed did not hold any sensitive data or confidential information”.
The hackers had accessed the OHCHR’s Active User Directory, which contains user IDs for staff and devices, it said, adding though they had not accessed passwords nor any other parts of the agency’s system.
“The UN Human Rights Office takes breaches of security extremely seriously,” it said.
It stressed that it was well aware of “the potential effects should people gain unauthorised access to our data, and the responsibility we have, both online and offline, to protect victims, staff, partners and any individuals and groups who collaborate with us.”
“We want to assure all concerned parties that this hacking attempt did not compromise sensitive information within this Office.”
The rights office acknowledged that it like many other institutions and companies faces “frequent attempts to access our computer systems”.
But it said it was “constantly further reinforcing existing multifaceted safeguards to preserve the integrity of our systems and the data they hold.”
Comments