WFP confirms cyberattack exposed 600,000 Gaza households' data

The United Nations World Food Program confirmed that a cyberattack has exposed the sensitive personal information of approximately 600,000 Palestinian households in Gaza, compromising names, identification numbers and location data submitted through the agency's aid registration portal. The Geneva-based agency detected unauthorized access to its Self-Registration Application on May 14, according to a statement issued to aid recipients via Telegram on May 31.

The breach exposed mobile phone numbers and residential locations stored in the system designed to verify eligibility for food and cash assistance, WFP said in responses to The New Humanitarian. A spokesperson told the Geneva-based news portal that the agency identified the intrusion into its Palestine self-registration platform, which individuals use to enroll for aid after verification.

Security warnings ignored

An anonymous whistleblower contacted the agency's beneficiary feedback mechanism on May 12 — two days before the incident — warning of vulnerabilities in the registration system, according to the Geneva-based news portal. The warning came from an independent expert who identified security flaws in the SRA platform, the source told the outlet.

No claim of responsibility

WFP stated that an investigation remains under way and no group has claimed responsibility for the attack. The data breach affects households dependent on international food assistance in the besieged enclave, where the UN agency has struggled to maintain aid operations amid the ongoing conflict.