The United Nations was hacked via a Microsoft SharePoint vulnerability last year, with 20 administrative accounts compromised and malware implanted on 40 servers.

Furthermore, the UN chose to cover-up the attack, which has been described as "sophisticated", rather than publicly disclosing it.

That's according to a confidential internal report, leaked to Nairobi, Kenya-based news agency, The New Humanitarian, formerly IRIN News.

UN offices in Vienna and Geneva were compromised, as well as the UN Officer of the High Commissioner for Human Rights, also in Geneva. The organisation, according to the report, only informed the internal IT teams and the heads of the offices affected.

According to the leaked report, the attack started in mid-July, but was only discovered on 30th August. Staff records, health insurance, and commercial contract data were all compromised.

UN spokesperson Stéphane Dujarric told The New Humanitarian that the United Nations' core IT infrastructure in Geneva and Vienna were compromised. "As the exact nature and scope of the incident could not be determined, [the UN offices in Geneva and Vienna] decided not to publicly disclose the breach."

The UN enjoys diplomatic immunity, meaning that it isn't subject to EU regulations, such as GDPR, and isn't obliged to reveal the information obtained or to notify anyone who might be affected.

