Thousands of confidential UN documents linked to gender equality push leaked online


A database believed to belong to the United Nations Trust Fund to End Violence against Women has been discovered unsecured online, containing financial reports, bank account information, staff details, victim testimonies and more.

The database, containing a total of 228 GB of information, was discovered by cybersecurity researcher Jeremiah Fowler and reported to vpnMentor.

It lacked any password protection, with the 115,141 files displayed unencrypted and accessible to anyone with an internet connection.

Victim and worker information exposed

While this is currently unconfirmed, the database contained information linking it to UN Women and the UN Trust Fund to End Violence against Women, including letters and documents addressed to the UN and stamped with UN logos, with specific reference to UN Women.

Amongst the information within the database, Fowler identified scanned passport documents and ID cards, alongside detailed information on staff roles including names, job roles, salary information and tax data.

“There were also documents labeled as “victim success stories” or testimonies,” Fowler wrote in his report for vpnMentor. “Some of these contained the names and email addresses of those helped by the programs, as well as details of their personal experiences. For instance, one of the letters purported to be from a Chibok schoolgirl who was one of the 276 individuals kidnapped by Boko Haram in 2014.”

A collection of documents and certificates from the UN Women database. (Image credit: vpnMentor / Jeremiah Fowler)

It is not known how long the database has been exposed for, whether the database is managed by the UN Women organization or a third party, or whether the database has been accessed by anyone outside of the organization.

Fowler explains several hypothetical situations in which the data could be misused, such as convincing spear phishing attacks against exposed email addresses using manipulated documents. Theoretically, a threat actor could also use the documents to gain a high-level understanding of the organization’s structure and financial layout.

UN Women has an undated scam alert posted on its website; the page dates back to at least July 2022, and an update in July 2024 added a guide to using the Quantum procurement verification portal. Fowler alerted the UN Information Security team to the unprotected database, and received a response stating, “The reported vulnerability does not pertain to us (the United Nations Secretariat) and is for UN Women. Please report the vulnerability to UN WOMEN.”

Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.
