OutsideBrief
GAZA 3 Jun 2026 2 min read
Gaza desk brief

WFP reports cyberattack exposed data of 600,000 Gaza households

The World Food Programme says a cyberattack compromised personal data of 600,000 Palestinian households registered for aid in Gaza, according to a regional report.

What happened

Middle East Eye Gaza reports that the World Food Programme (WFP) has notified approximately 600,000 Palestinian households in the Gaza Strip that their personal information was exposed in a security-related incident involving a cyberattack. The New Humanitarian is cited as the primary source on this development.

Outside Brief is treating this as a source-led account. Any disputed responsibility, casualty figure or battlefield claim should be read as unconfirmed/hearsay unless confirmed by another reliable source. According to WFP, the compromised data was obtained via a self-registration application used by Palestinians seeking food and cash aid. Details accessed by unauthorized actors reportedly include names, identification numbers, mobile phone contacts, and location information.

This breach affects a population heavily reliant on humanitarian assistance amid the prolonged crisis in Gaza, where ongoing hostilities have caused widespread displacement and restricted access to essential supplies.

Known from the source

  • WFP says personal data of about 600,000 Palestinian households in Gaza was exposed.
  • The data came from a self-registration app for food and cash assistance.
  • Exposed information includes names, ID numbers, mobile numbers, and locations.
  • The breach was described as a 'security-related incident' involving unauthorized actors.
  • Affected households are part of a population heavily dependent on humanitarian aid amid the Gaza crisis.

What remains unclear

While the WFP has confirmed the incident internally, the specific nature of the attack, potential perpetrators, and the possible implications for the safety and privacy of affected Gaza households remain unclear based on the available reporting.

What remains unclear: Verify WFP’s official response or press release to corroborate the cyberattack details. Confirm the extent of data exposure and whether any follow-up protective measures were announced. Check for independent verification of the breach from other humanitarian or cybersecurity sources. Ensure accuracy in describing the incident as a ‘cyberattack’ versus other types of security incidents if wider details emerge.

Evidence note

Outside Brief has kept this brief source-led and attributed. Claims should be read alongside the original source linked below.

Original source: Middle East Eye Gaza. Open the source.

Outside Brief note: this story keeps the main source visible and separates what is reported from what remains unclear.