WFP Gaza Data Breach Exposes 600,000 UN Food Agency Household Records

Written by:
Lore Apostol
Cybersecurity Writer
Key Takeaways
  • Data Breach Scale: World Food Programme said a data breach exposed sensitive information belonging to about 600,000 Palestinian households in Gaza.
  • Platform Suspended: WFP temporarily suspended the Self-Registration Application while investigating the breach, which occurred on May 14.
  • Attribution Unknown: WFP has not identified who may have been behind the intrusion or confirmed whether any data was leaked.

The World Food Programme (WFP) is investigating a security incident that compromised personal information submitted by Palestinians seeking humanitarian assistance in Gaza. In a message sent to aid recipients via Telegram, WFP said "unauthorized parties" had accessed data stored in its self-registration application in Gaza, where individuals register for food and cash assistance after completing a verification process.

What Data Was Exposed

In a statement to The New Humanitarian, a WFP spokesperson said the incident exposed sensitive information belonging to approximately 600,000 Palestinian households in Gaza. The data breach occurred on May 14 and was limited to the Self-Registration Application (SRA) used exclusively in Palestine.

The exposed information included:

WFP temporarily suspended the registration platform while its investigation is ongoing. The spokesperson said the agency took immediate action to shut down the platform, contain the intrusion, and strengthen security controls to prevent further exposure. 

WFP has not publicly identified who may have been behind the intrusion or disclosed how access was gained. It is also not yet clear whether any of the compromised information was leaked or further distributed.

Context: WFP's Role in Gaza

WFP is the world's largest humanitarian organization focused on combating hunger and food insecurity. The agency says it provides food parcels, hot meals, bread, and cash assistance to approximately 1.6 million people in Gaza each month, making the security of its registration data particularly consequential for a highly vulnerable population.

In early 2026, the pro-Palestine hacktivist group Mr. Hamza claimed a DDoS attack on MI6. In mid-2024, Arid Viper deployed spyware in Egypt and Palestine.

In other recent news, DentaQuest exposed over 2.5 million accounts in a ShinyHunters extortion attack, and an Ultrahuman data breach exposed wellness data via an internal analytics tool.

