### **WFP** Confirms Breach of Gaza Registration Data Over the weekend, the **United Nations' World Food Programme (WFP)** disclosed that its self-registration application (SRA) for Palestine had been compromised. The SRA, used by beneficiaries to register for assistance in the **Gaza Strip**, was breached on May 14, leading to the theft of sensitive personal information. The **WFP** initially communicated the incident via a [Sunday Telegram message](https://t.me/wfp_gaza/20), confirming unauthorized access to data. Stolen information includes beneficiaries' names, ID numbers, phone numbers, and specific location details such as neighborhood data recorded during registration. ### Immediate Response and Scale of Impact Following the discovery, the **WFP** temporarily suspended the registration platform (SRA) to implement urgent security and system protection improvements. Investigations into the incident are ongoing, with continuous monitoring of the situation. While the humanitarian organization has not yet publicly disclosed the exact number of affected individuals, a statement shared with [The New Humanitarian](https://www.thenewhumanitarian.org/news/2026/06/02/data-600000-gaza-households-exposed-wfp-cyber-attack) indicated that the breach exposed information belonging to approximately 600,000 Palestinian households in Gaza. Beneficiaries have been advised by the **WFP** that they do not need to update, delete, or re-register their information. Existing registrations remain valid, and crucial assistance—including food, cash, and other aid—will continue without interruption. The organization also issued a warning, urging individuals to "be wary of anyone claiming to represent the **World Food Programme** and requesting information or money" and to avoid clicking suspicious links or messages. ### Humanitarian Aid Under Cyber Threat Founded in 1961 and headquartered in Rome, Italy, the **WFP** is a **UN** agency dedicated to combating global hunger and providing emergency food relief during humanitarian crises. Funded by governments, corporations, and private donors, it operates an immense logistics network across over 120 countries, delivering aid to millions worldwide. In 2024, the **WFP** disbursed US$2.82 billion in financial assistance and distributed roughly 2.5 million metric tons of food. This incident highlights the growing cybersecurity risks faced by critical humanitarian operations, where data security directly impacts the safety and privacy of vulnerable populations. ### A Troubling Pattern Across **UN** Agencies The **WFP** breach is not an isolated event within the **United Nations** system. Several other **UN** agencies have fallen victim to cyberattacks and data exposures in recent years: * In August 2019, the **United Nations** itself [failed to disclose a cyberattack](https://www.thenewhumanitarian.org/investigation/2020/01/29/united-nations-cyber-attack) that affected its Geneva offices. * The **UN Environmental Programme (UNEP)** exposed the personally identifiable information (**PII**) [of over 100,000 employees](https://www.bleepingcomputer.com/news/security/united-nations-data-breach-exposed-over-100k-unep-staff-records/) five years ago. * More recently in 2024, an **8Base** ransomware attack hit the **UN Development Programme (UNDP)**. * Attackers also stole [approximately 42,000 records](https://www.bleepingcomputer.com/news/security/un-aviation-agency-confirms-recruitment-database-security-breach/) from a recruitment database belonging to the **UN International Civil Aviation Organization (ICAO)**. These recurring incidents underscore a systemic challenge in securing the vast and interconnected digital infrastructure of international organizations, particularly those managing highly sensitive data for millions of beneficiaries globally. For IT security professionals, these breaches serve as a stark reminder of the persistent and evolving threats targeting even the most critical non-profit and governmental entities.