United Nations IT systems breached in Geneva and Vienna   

There were conflicting accounts about the significance of the incursion. © Keystone / Martial Trezzini

Dozens of servers were “compromised” at United Nations offices in Geneva and Vienna last summer, according to an investigation by the New Humanitarian.  

This content was published on January 29, 2020 - 16:55

The UN decision to keep quiet about a major attacking into its computer networks in Europe put staff, other organisations and individuals at risk, according to data protection advocates cited in the report.  

The breach reportedly affected dozens of servers in three separate locations: the UN Office at Vienna; the UN Office at Geneva; and the UN Office of the High Commissioner for Human Rights (OHCHR) headquarters in Geneva.  

There were conflicting accounts about the significance of the incursion. 

A UN official told The Associated Press that the hack was first detected over the summer and appeared “sophisticated” – raising the possibility that a state-backed actor may have been behind it. The extent of the damage remains unclear, but security systems have since been reinforced. 

“We were hacked,” UN human rights office spokesman Rupert Colville confirmed to AP. “We face daily attempts to get into our computer systems. This time, they managed, but it did not get very far. Nothing confidential was compromised.” 

UN spokesperson Stéphane Dujarric classified the incident as “serious” in remarks to The New Humanitarian, published on TuesdayExternal link

“The attack resulted in a compromise of core infrastructure components,” Dujarric said. “As the exact nature and scope of the incident could not be determined, [the UN offices in Geneva and Vienna] decided not to publicly disclose the breach.” 

The New Humanitarian said staff records, health insurance, and commercial contract data were compromised. 

The breach, at least at the human rights office, appears to have been limited to the so-called active directory - including a staff list and details like e-mail addresses - but not access to passwords. No domain administration’s account was compromised, officials told AP.  

This article was automatically imported from our old content management system. If you see any display errors, please let us know:

Share this story