United Nations Development Programme reports ransomware attack and data breach
Learn More
The United Nations Development Programme (UNDP) is managing the aftermath of a ransomware cyberattack that compromised a significant amount of data. The incident targeted the local IT infrastructure at UN City in Copenhagen, which serves as a hub for several UN agencies.
On March 27th 2024, UNDP discovered an unauthorized accesses to their systems. The ransomware gang known as "8base," subsequently listed UNDP on their dark web site and claimed responsibility for the attack. UNDP has taken steps to secure the affected server, identify the breach's source, and assess the full scope of the compromised data.
The stolen data reportedly includes human resources and procurement information, as well as a variety of sensitive documents such as:
- invoices,
- receipts,
- accounting records,
- certificates,
- confidential agreements,
- employment contracts
- dates of birth,
- social security numbers,
- bank account details,
- passport information,
- details concerning the families of both former and current UNDP staff, as well as contractors.
The exact scope of the data breach and the total number of affected individuals are not disclosed.
Ongoing efforts are also focused on maintaining communication with those impacted, to advise them on protecting their personal information from potential misuse.
