Hackread reports that the United Nations Trust Fund to End Violence against Women had 228 GB of sensitive information in PDF, JPG, XML, and PNG formats leaked as a result of a misconfigured database.
Aside from containing staff details, such as names, job roles, and salary and tax information, documents in the unsecured database also exposed the organization's financial details and organizational information, as well as details from victims of gender-based violence, including names, email addresses, and personal recollections, a report by cybersecurity researcher Jeremy Fowler published on vpnMentor showed. "Although the records indicated the files belonged to the UN Women agency, it is not known if they owned and managed the non-password-protected database or if it was under the control of a third-party contractor," said Fowler, who warned that the leaked data could be leveraged by threat actors to launch not only phishing and identity-based attacks but also extortion efforts.
