UNICEF leaks personal data of 8,000 users

The security leak was quickly and proactively remedied and it's confident that it won't face a GDPR probe

UNICEF

The United Nations' children's agency UNICEF has leaked thousands of individuals' personal data through its online learning portal Agora.

An email was mistakenly sent on 26 August to 20,000 Agora users containing the private data belonging to 8,253 people who enrolled on the platform's immunisation courses.

Agora offers courses on child rights, humanitarian action, data, research and is used by UNICEF staff and members of the public.

Advertisement - Article continues below

"This was an inadvertent data leak caused by an error when an internal user ran a report," said Najwa Mekki, media chief at UNICEF in an email to Devex.

"The personal information accidentally leaked may include the names, email addresses, duty stations, gender, organization, name of supervisor and contract type of individuals who had enrolled in one of these courses, to the extent that these details were included in their Agora user's profile."

UNICEF became aware fi the incident a day after the email was sent and remedied the situation to "prevent such an incident from reoccurring".

Agora users were sent an email explaining the situation which then asked them to delete the spreadsheet full of data they may have received from their inboxes and their recycle bins too. The email also included an apology from UNICEF.

Advertisement
Advertisement - Article continues below

"Cybercriminals continue to build their database of account details and credentials," said Lisa Baergen, director at NuData Security.

Advertisement - Article continues below

"I continue to advise users to change their passwords immediately after being informed of a breach while not clicking on any links in unexpected emails, and to use unique passwords for each account they create."

Whether UNICEF will be subject to a GDPR investigation is undetermined as of yet, with some experts thinking that UNICEF may avoid one as it's a United Nations (UN) organisation.

Clare Sullivan, managing director of CyberSMART told Devex that UNICEF will probably be exempt from a GDPR probe as a UN body but it's something that still hasn't been tested in court.

Mekki, however, took a more absolute approach when addressing the question and said: "UN entities are not subject to GDPR" and that UNICEF did not report the case to authorities.

"The fact that UN organisations are not subject to GDPR should not mean that data protection practices should fall off the radar," said Javvad Malik, security awareness advocate at KnowBe4.

"All companies - and specifically intergovernmental organisations - should look to improve their cyber security posture, ensuring all staff are aware of their responsibilities."

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/software/video-conferencing/355410/zoom-50-adds-256-bit-encryption-and-ui-refresh
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020
Visit/security/hacking/355382/whatsapps-flaw-shoulder-surfing
hacking

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020
Visit/security/cyber-security/355368/microsoft-builds-ai-to-detect-security-flaws-with-99-accuracy
cyber security

Microsoft AI can detect security flaws with 99% accuracy

20 Apr 2020
Visit/security/vulnerability/355276/businesses-brace-for-second-fujiwhara-effect-of-2020-as-patch-tuesday
vulnerability

Businesses brace for second 'Fujiwhara effect' of 2020 as Patch Tuesday looms

9 Apr 2020

Most Popular

Visit/operating-systems/microsoft-windows/355781/microsoft-confirms-further-issues-with-troublesome
Microsoft Windows

Microsoft's latest Windows 10 update is causing yet more issues

26 May 2020
Visit/mobile/5g/355712/nokia-5g-speed-record
5G

Nokia breaks 5G record with speeds nearing 5Gbps

20 May 2020
Visit/infrastructure/network-internet/355792/intel-releases-wi-fi-and-bluetooth-driver-updates-for
Network & Internet

Intel releases Wi-Fi and Bluetooth driver updates for Windows 10

26 May 2020