Exposed UN Database Left Sensitive Data Vulnerable Online
The unsecured files contained the data of organizations combating violence against women, posing a severe risk for vulnerable groups.
A United Nations Trust Fund database designed to combat violence against women was recently found openly accessible online, revealing over 115,000 files. The exposed documents contained sensitive personal and organizational information from groups that partner with or receive support from UN Women, including staffing, contracts, letters, and even financial audits.
Security researcher Jeremiah Fowler discovered the unsecured database, which lacked password protection or other access controls, and promptly notified the UN, which swiftly secured the database. Fowler notes that these types of data exposures are common, but stresses the importance of maintaining awareness about such vulnerabilities:
“They’re doing incredible work, helping real people in challenging situations, but cybersecurity remains a critical issue,” Fowler explained. “I’ve found numerous examples of exposed data before, but in this case, it’s about organizations aiding people at risk simply for existing in certain regions.”
UN Women acknowledged the incident in a statement, expressing gratitude for the collaboration with cybersecurity experts and saying that it had launched an investigation.
The exposed data presents multiple security concerns. Financial audits in the database included bank account details, and the disclosures revealed how organizations receive and allocate their funding. Additionally, the information provided insights into staffing and internal operations, which could be exploited to trace connections between civil society organizations.
“You’ve got details on organizations, their staff, and projects with budgets in the millions,” Fowler explained. “If this information landed in the wrong hands, it could be used by scammers or even authoritarian regimes to identify which organizations are working where and who they’re collaborating with.”
Fowler expressed particular concern for the people mentioned in the database, many of whom had shared deeply personal experiences, including stories of abuse, kidnapping, and other traumatic events, likely under the assumption that their identities would remain protected.
If this incident spurs a broader review of the UN’s data security infrastructure, it could help prevent future breaches and mitigate risks for the vulnerable populations UN Women and other UN organizations serve.