UNICEF compromised personal data of 8,253 users

12.09.2019

Back to news

UNICEF online learning portal Agora created an email and sent it to almost 20,000 portal users. The data of more than 8,000 people was exposed on 26 August, and the next day UNICEF tried to neutralise the breach consequences.

The personal details included names, emails, duty stations, gender, organisations, names of supervisors and contract type of those who had enrolled in one of these courses.

UNICEF asked the addressees to delete the emails as they contained sensitive information belonging to Agora users.

"Our technical teams promptly disabled the Agora functionality which allows such reports to be sent and blocked the Agora server’s ability to send out email attachments. These measures will prevent such an incident from reoccurring," said Najwa Mekki, UNICEF's media chief to Devex.

Analysis improvement of the level of internal corporate risks and reporting in accordance with regulatory policies are required and provided by comprehensive monitoring systems.