UN Food Program reports cyberattack on Gaza enrollment system, data from 600,000 households stolen

The United Nations World Food Program has confirmed that its Gaza beneficiary enrollment system was hacked on May 14, with attackers extracting personal data tied to roughly 600,000 Palestinian households across the territory.

The UN agency, which describes itself as the world’s largest humanitarian organization, disclosed the breach publicly in a Telegram post on Sunday. The compromised records include names, government-issued identification numbers, phone numbers, and location data such as neighborhood information collected at registration. The WFP said it took the registration platform offline following discovery of the incident and has brought in outside experts to assist with the investigation while it works to strengthen the system’s defenses. As of Tuesday, the platform remained suspended.

The agency moved to reassure enrolled Palestinians that their benefits would not be affected. "You do not need to update, delete, or re-register your information. If you are already registered, you will remain part of the WFP assistance programs. Food, cash, and other assistance will continue as normal, and you will continue to receive assistance," the organization said. The WFP added that it is continuously monitoring the situation.

The agency also cautioned beneficiaries to be alert to anyone claiming to represent the WFP and requesting personal information or money, and to avoid opening suspicious links or messages, warning that the breach could be exploited for fraud.

Established in 1961 and headquartered in Rome, the WFP is financed through contributions from governments, corporations, and private donors. The agency employs more than 20,000 staff across over 120 countries and territories and runs the largest humanitarian logistics operation in the world, with a fleet of 5,000 trucks, 20 ships, and roughly 80 aircraft deployed at any given time. In 2024, it distributed $2.82 billion in financial assistance and delivered approximately 2.5 million metric tons of food to recipients worldwide.

The breach adds to a growing list of security incidents affecting United Nations agencies in recent years. The UN did not publicly disclose a cyberattack on its Geneva offices in August 2019. The UN Environment Program separately exposed the personally identifiable information of more than 100,000 employees. In 2024, the ransomware group 8Base attacked the UN Development Program, and an unrelated intrusion resulted in the theft of roughly 42,000 records from a recruitment database at the UN International Civil Aviation Organization.