The United Nations suffered a “serious” hack to its “core infrastructure” that potentially compromised officials and employees and declined to notify the public of the incident.
News of the hack broke on Wednesday after a U.N. information technology professional leaked official documents about the “major meltdown” to the New Humanitarian.
“The attack resulted in a compromise of core infrastructure components,” said U.N. spokesman Stephane Dujarric, describing the breach as “serious.” “As the exact nature and scope of the incident could not be determined, [the UN offices in Geneva and Vienna] decided not to publicly disclose the breach.”
The hack into U.N. systems began in July. Officials sent out a warning to IT staff about a breach in the system on Aug. 30. The security and data breach is believed to be one of the largest in the body’s history.
“We are working under the assumption that the entire domain is compromised,” the memo to tech staff said. “The attacker doesn’t show signs of activity so far, we assume they established their position and are dormant.”
The global governance body hid the existence of the hack from most of those involved. The U.N.’s special status as a diplomatic body grants it a wide latitude of immunity from answering to other governing bodies and countries.
The attack compromised dozens of servers in U.N. offices in Vienna and Geneva and the U.N. Office of the High Commissioner for Human Rights, headquartered in Geneva.
“Multiple workshops and assessments have been conducted to verify that the exploited vulnerabilities have been mitigated,” Dujarric said when asked if the damage from the breach had been contained.
