The United Nations’ offices in Geneva and Vienna were victims of a massive cyberattack, which compromised the infrastructure of the organization’s systems and potentially leaked sensitive information.
A confidential internal report about the UN’s networks obtained by The New Humanitarian revealed that dozens of servers were affected by a cyberattack sometime in July 2019, including the Office of the United Nations High Commissioner for Human Rights in Geneva. The UN Geneva and Vienna offices employ about 4,000 staff between them.
Information such as staff records, health insurance, and commercial contract data were compromised, the UN confirmed.
“The attack resulted in a compromise of core infrastructure components,” UN spokesperson Stéphane Dujarric told The New Humanitarian.
Other infrastructure components affected by the attack, as identified by the internal report, include the offices’ printing, antivirus, and human resources systems. The hackers allegedly made off with about 400GB of data.
Dujarric also said that since the UN has yet to determine the exact nature and scope of the incident, the organization had chosen not to publicly disclose the breach. The cyberattack went unreported until The New Humanitarian came across the internal report, which was dated September 20, 2019, during its investigation.
Jake Williams, a former hacker for the US government, told the Associated Press that the attack “definitely looks like espionage.” The cyberattackers allegedly attempted to conceal their intrusion by deleting the logs that would have documented their entry into the servers.