Clarification of circumstances surrounding hacking of OHCHR

GENEVA (29 January 2020) - The UN Human Rights Office would like to clarify some details in light of news reports today about a cyber-attack on the UN which involved our office.

Although hackers accessed a self-contained part of our system in July 2019, the development servers they accessed did not hold any sensitive data or confidential information.* The hackers did manage to access our Active User Directory, which contains the user IDs for our staff and devices. However, they did not succeed in accessing passwords. Nor did they gain access to other parts of the system.

Once we became aware of the attack, we took action to shut down the affected development servers.

The UN Human Rights Office takes breaches of security extremely seriously. We are very aware of the potential effects should people gain unauthorised access to our data, and the responsibility we have, both online and offline, to protect victims, staff, partners and any individuals and groups who collaborate with us. We want to assure all concerned parties that this hacking attempt did not compromise sensitive information within this Office.

Like many other institutions and companies, we face frequent attempts to access our computer systems, and our IT team is constantly further reinforcing existing multifaceted safeguards to preserve the integrity of our systems and the data they hold.

* Development servers are systems on which new software is written by programmers using dummy data. They are not connected to our regular systems.

© Scoop Media