Reporter cites WFP data breach affecting 600,000 households; U.N. says WFP shut platform and is investigating

Reporter Miss Ibtisam Azem quoted a report that a May 14 cyberattack on a World Food Programme Gaza self-registration app exposed sensitive beneficiary data — including names, national IDs, mobile numbers and neighborhood information — affecting a portal for about 600,000 households. Azem said the report described the incident as “perhaps the largest known breach of humanitarian beneficiary data to the date.”

The U.N. spokesperson said the U.N. had been in touch with WFP, that once the breach was detected WFP “took immediate action to shut down the platform to try to contain the intrusion,” and that no other WFP system was impacted. The spokesperson added that cash assistance and food delivery “remain in place in Gaza” and that WFP is working to restore and secure the platform while investigating the incident.

A follow-up question raised whether the U.N.’s wider digital strategy and systems linked to Palantir create unacceptable data-protection risks, given past criticism when the U.N. contracted Palantir in 2019. The spokesperson said they “can't comment on the actual contract” but emphasized that WFP takes beneficiary data seriously and is trying to remedy the situation.

No additional detail on the scope of data published or any new protective measures was announced during the briefing; the spokesperson urged continued efforts, including cooperation with platform companies, to combat misinformation and address cybersecurity threats.