A vpnMentor report said cybersecurity researcher Jeremiah Fowler discovered a non-password-protected database containing 115,141 records linked to the UN Trust Fund to End Violence Against Women.
Highlights of the data breach:
Sensitive Information Exposed: The database contained confidential information such as financial reports, bank account details, staff documents, passports, ID cards, and testimonies from victims.
Potential Risks: Exposure of the database could lead to privacy and security risks for charity workers and beneficiaries, especially in regions where gender-based violence is prevalent.
Scope of Data: The exposed files included details of over 1,600 civil society organizations, their UN application statuses, staff names, salaries, and registration documents.
Chibok Schoolgirl Mention: Some documents contained personal details from individuals like a letter from one of the Chibok schoolgirls kidnapped by Boko Haram in 2014.
Database Size: The database amounted to 228 GB of data, including documents in .PDF, .xml, .jpg, .png, and other formats.
UN Women Involvement: The files referenced UN Women, the agency managing the UN Trust Fund, though it is unclear if they directly managed the database or if it was outsourced.
UN’s Response: Public access to the database was restricted after Jeremiah Fowler reported the breach, though the response from UN Women is unknown.
Fraud and Scam Concerns: The breach highlighted concerns about potential fraud, phishing, and scams targeting UN Women and its affiliates.
Is it available in public: Jeremiah Fowler did not find any public cases of fraud or misuse directly linked to the UN Trust Fund. However, no system is immune to fraud or attempts to obtain funds from agencies like the UN.
Data Security Awareness: The incident underscores the need for stronger cybersecurity measures to protect sensitive information, especially in humanitarian and charity organizations.
