"You do not need to update, delete, or re-register your information. If you are already registered, you will remain part of the WFP assistance programs," the World Food Programme told beneficiaries after disclosing that its Palestine self-registration application had been breached.
WFP disclosure and timeline
The World Food Programme (WFP) disclosed the incident in a Sunday Telegram message, saying its self-registration application (SRA) used for assistance registration in Gaza had been breached. In a statement shared with The New Humanitarian, the WFP said attackers breached its systems on May 14 and stole registration information for people in roughly 600,000 Palestinian households in Gaza. A Tuesday update from the organization said the registration platform remained temporarily down while WFP implemented security improvements and continued its investigation.
What data attackers accessed
According to the WFP disclosure, attackers gained access to personal data belonging to beneficiaries across the Gaza Strip. The organization listed the exposed items as affected individuals' names, ID numbers, phone numbers, and location information — including neighborhood data recorded during registration. The WFP cautioned beneficiaries to be wary of anyone claiming to represent the organization or requesting information or money, and it advised people not to click or open suspicious links or messages.
Operational impact on food and cash assistance
Despite the breach and the temporary suspension of the Registration Platform (SRA), the WFP told beneficiaries that "food, cash, and other assistance will continue as normal, and you will continue to receive assistance." The organization said the SRA had been taken offline to implement "urgent security and system protection improvements" and that WFP teams were continuously monitoring the situation as the investigation proceeded.
WFP capacity, reporting, and external outreach
The WFP is a United Nations agency founded in 1961 and headquartered in Rome, Italy, and it is funded by governments, corporations, and private donors. The organization reported having over 20,000 staff in more than 120 countries and territories and operating what it called the largest humanitarian logistics network, with 5,000 trucks, 20 ships, and around 80 aircraft delivering emergency assistance at any given time. In 2024 the WFP said it disbursed US$2.82 billion in financial assistance and delivered approximately 2.5 million metric tons of food.
When BleepingComputer contacted the WFP for comment, a World Food Programme spokesperson was not available for comment earlier today, according to the reporting.
How Palestinian beneficiaries, WFP operations, and donors are responding
- Palestinian beneficiaries: WFP communications have told registered people they need not re-register and warned them to be cautious of impersonators requesting information or money and to avoid suspicious links. The organization emphasized continuity of assistance while registration services are strengthened.
- WFP operations and security teams: The platform has been temporarily suspended while the WFP implements urgent security and system protection measures and conducts an ongoing investigation; operational monitoring remains in place, according to the WFP.
- Donors and funders: Because the WFP is funded by governments, corporations, and private donors and continues to deliver food and cash assistance, these partners will be watching implementation of the security fixes and the integrity of beneficiary delivery as the SRA remains offline.
Recent UN incidents placed alongside the WFP breach
The WFP breach is the latest publicly reported incident affecting UN organizations. The source cites several recent examples: the United Nations failed to disclose a cyberattack that affected its Geneva offices in August 2019; the UN Environment Programme exposed personally identifiable information of over 100,000 employees five years ago; in 2024, an 8Base ransomware attack hit the UN Development Programme (UNDP); and attackers stole approximately 42,000 records from a recruitment database belonging to the UN International Civil Aviation Organization (ICAO). The WFP incident, involving roughly 600,000 Gaza households, adds to that pattern of intrusions impacting UN-related systems and data.
The WFP has said the registration platform will remain offline while security improvements are made, assistance will continue to reach registered beneficiaries, and the organization is investigating and monitoring the situation. For readers who want the original reporting, the source article is available here: Original story.
