The children's agency of the United Nations, UNICEF, unintentionally exposed the private information of 1000 of Agora users who use its online learning platform.
Nearly 20,000 Agora users received an email with the personal information of 8,253 individuals registered for courses on immunisation.
This unintentional data leak resulted from a mistake made by an internal user running a report.
The names, email addresses, places of employment, genders, organisations, names of supervisors, and types of contracts of the individuals may be among the personal information inadvertently disclosed.
Source: https://www.devex.com/news/unicef-data-leak-reveals-personal-info-of-8-000-online-learners-95558
TPRM report: https://scoringcyber.rankiteo.com/company/unicef
"id": "uni161313423",
"linkid": "unicef",
"type": "Data Leak",
"date": "09/2019",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': ['8,253 individuals registered '
'for immunisation courses'],
'industry': "Children's Aid",
'location': 'Global',
'name': 'UNICEF',
'type': 'Non-profit Organization'}],
'attack_vector': 'Misconfigured Email',
'data_breach': {'number_of_records_exposed': '8,253',
'personally_identifiable_information': ['Names',
'Email addresses',
'Places of employment',
'Genders',
'Organisations',
'Names of supervisors',
'Types of contracts'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information']},
'description': 'UNICEF unintentionally exposed the private information of '
'8,253 Agora users who use its online learning platform. '
'Nearly 20,000 Agora users received an email with the personal '
'information of individuals registered for courses on '
'immunisation. This unintentional data leak resulted from a '
'mistake made by an internal user running a report. The names, '
'email addresses, places of employment, genders, '
'organisations, names of supervisors, and types of contracts '
'of the individuals may be among the personal information '
'inadvertently disclosed.',
'impact': {'data_compromised': ['Names',
'Email addresses',
'Places of employment',
'Genders',
'Organisations',
'Names of supervisors',
'Types of contracts'],
'systems_affected': ['Agora online learning platform']},
'post_incident_analysis': {'root_causes': 'Human Error'},
'title': 'UNICEF Agora Platform Data Leak',
'type': 'Data Leak',
'vulnerability_exploited': 'Human Error'}