Unicef leaked personal details of more than 8,500 people

The accidental leak involved the names, email addresses, gender and other information about people who enrolled on an online course

Unicef has accidentally leaked the personal details of more than 8,500 people around the world who used an online training course run by the charity.

The charity, which operates in 190 countries, said yesterday that an email was sent to 20,000 users of its Agora training system on 26 August, containing the personal details of 8,353 users enrolled on the online course.

A spokesman for Unicef said that the leak was caused by an error when an employee ran a report on the system.

Personal data leaked in this way included the names, email addresses, duty stations, gender, organisation, name of supervisor and contract type of people who had enrolled in Agora courses, a spokesman said.

The charity was unable to confirm whether anyone in the UK had been affected because location data is optional for users of the program.

Agora is a free, multilingual online portal offering training courses to Unicef staff and other development professionals on a broad range of issues, including children's rights, partnerships, humanitarian action, research and data.

Najwa Mekki, chief of the New York media section of Unicef, said the charity became aware of the leak the day after it took place.

"Our technical teams promptly disabled the Agora functionality that allows such reports to be sent and blocked the Agora server’s ability to send out email attachments," he said.

"These measures will prevent such an incident from reoccurring.

"We again apologise to the users who have been affected and want to reassure them that we are doing everything possible to make sure this does not happen again. Unicef takes data privacy very seriously and is committed to protecting the privacy of its online community."

A report has not been made to the Information Commissioner’s Office because the leak did not occur in the UK.

A statement from the ICO said: "If an organisation decides that a breach doesn’t need to be reported, they should keep their own record of it and be able to explain why it wasn’t reported if necessary.

"If anyone has concerns about how their data has been handled, they can report these concerns to us and we can look into the details."

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins

Register
Already registered?
Sign in
Follow us on:

Latest Digital Jobs

RSS Feed

Third Sector Insight

Sponsored webcasts, surveys and expert reports from Third Sector partners

Markel

Expert hub

Insurance advice from Markel

How bad can cyber crime really get: cyber fraud #1

Promotion from Markel

In the first of a series, we investigate the risks to charities from having flawed cyber security - and why we need to up our game...