United Nations
Company Details
Linkedin ID:
united-nations
Website:
Employees number:
62,133
Number of followers:
6,006,055
NAICS:
92812
Industry Type:
Homepage:
un.org
IP Addresses:
0
Company ID:
UNI_2749530
Scan Status:
In-progress
United Nations Company CyberSecurity Posture
un.org
Founded at the end of the Second World War, the United Nations is an international organization made up of 193 Member States committed to maintaining international peace and security. Every day the UN works to tackle global challenges and deliver results for those most in need. Giving life-saving support to populations hit by humanitarian crises, helping build and keep the peace in conflict-ridden areas, supporting governments and their citizens to advance development and fight poverty, and promoting human rights worldwide are the core pillars of the work of the United Nations and the mandates it receives from its Member States. The Charter of the United Nations is available in full at: http://www.un.org/en/documents/charter/
United Nations A.I CyberSecurity Scoring
United Nations Risk Score (AI oriented)Between 800 and 849
United Nations
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
United Nations Global Score (TPRM)XXXX
United Nations
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
United Nations Company CyberSecurity News & History
Past Incidents
2
Attack Types
1
United Nations
Breach
Rankiteo Explanation
Attack threatening the organization’s existence
Description: Hackers breached the United Nations’ computer networks in early 2021 and made off with a trove of data that could be used to target agencies within the intergovernmental organization. The hackers likely got in using the stolen username and password of a UN employee purchased off the dark web. The hackers, whoever breached the UN didn’t damage any of its systems but instead collected information about the UN’s computer networks.
United Nations
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: THE UNITED NATIONS accidentally published passwords, internal documents, and technical details about websites. It happened when it misconfigured popular project management service Trello, issue tracking app Jira, and office suite Google Docs. This made sensitive material available online to anyone with the proper link, rather than only to specific users who should have access. Affected data included credentials for a U.N. file server, the video conferencing system at the U.N.’s language school, and a web development environment for the U.N.’s Office for the Coordination of Humanitarian Affairs. The sensitive information were available by running searches on Google. The searches, in turn, produced public Trello pages, some of which contained links to the public Google Docs and Jira pages.
United Nations Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for United Nations
Incidents vs International Affairs Industry Average (This Year)
No incidents recorded for United Nations in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for United Nations in 2025.
Incident Types United Nations vs International Affairs Industry Avg (This Year)
No incidents recorded for United Nations in 2025.
Incident History — United Nations (X = Date, Y = Severity)
United Nations cyber incidents detection timeline including parent company and subsidiaries
United Nations Company Subsidiaries
Founded at the end of the Second World War, the United Nations is an international organization made up of 193 Member States committed to maintaining international peace and security. Every day the UN works to tackle global challenges and deliver results for those most in need. Giving life-saving support to populations hit by humanitarian crises, helping build and keep the peace in conflict-ridden areas, supporting governments and their citizens to advance development and fight poverty, and promoting human rights worldwide are the core pillars of the work of the United Nations and the mandates it receives from its Member States. The Charter of the United Nations is available in full at: http://www.un.org/en/documents/charter/
Loading...
United Nations Similar Companies
UNHCR, the UN Refugee Agency
UNHCR, the UN Refugee Agency, is a global organisation dedicated to saving lives, protecting rights and building a better future for people forced to flee their homes because of conflict and persecution. We lead international action to protect refugees, forcibly displaced communities and stateless
World Health Organization
The World Health Organization's mission: to promote health, keep the world safe, and serve the vulnerable. Working through offices in more than 150 countries, WHO staff work side by side with governments and other partners to ensure the highest attainable level of health for all people. Stay connec
#ExchangeAlumni - Alumni Affairs - State Dept.
Welcome, exchange program alumni! We are Alumni Affairs, an office in the Bureau of Educational and Cultural Affairs (ECA) at the U.S. Department of State. We welcome alumni of all U.S. government exchange programs, from Fulbright to Gilman, IVLP, YALI, YSEALI, YLAI, and many more! We offer grant c
Bluesky Agency
THE RIGHT WAY TO ITALY. Italian Agency based in Venice-Italy performing general affairs by Public and Private Boards seeks international Partners to develop SMART TOURISM NETWORK. Multilingual staff. Contact us as above
USAID is the lead U.S. Government agency that works to end extreme global poverty and enable resilient, democratic societies to realize their potential. U.S. foreign assistance has always had the twofold purpose of furthering America's interests while improving lives in the developing world. USAI
Established in 1951, the International Organization for Migration is the leading intergovernmental organization in the field of migration and is committed to the principle that humane and orderly migration benefits migrants and society. IOM works with its partners in the international community to
UNDP
The United Nations Development Programme works in nearly 170 countries and territories, helping to achieve the eradication of poverty, and the reduction of inequalities and exclusion. We help countries to develop policies, leadership skills, partnering abilities, institutional capabilities and build
.png)
United Nations CyberSecurity News
November 27, 2025 11:55 AM
Programme on Threat Assessment Models for Aviation Security | Office of Counter-Terrorism
Programme Snapshot On 7 September 2021, the United Nations Office of Counter-Terrorism (UNOCT) launched the United Nations Programme on Thr.
November 27, 2025 11:55 AM
Cybersecurity and New Technologies
At the Cyber challenge, 15 teams of young innovators presented solutions & received guidance from experts to develop creative ideas, ranging from P/CVE to...
November 27, 2025 10:49 AM
Cybersecurity and New Technologies | Office of Counter-Terrorism
The UNOCT/UNCCT Cybersecurity and New Technologies programme aims to enhance capacities of Member States and private organizations to prevent cyber-attacks...
November 27, 2025 09:01 AM
Office of Counter-Terrorism
Terrorists, as well as those they inspire, represent a major transnational threat. Detecting and disrupting the travel of these individuals and groups,...
November 18, 2025 03:10 AM
IP25108 | Southeast Asia’s Cybersecurity Trajectory Beyond the UN OEWG
KEY TAKEAWAYS • Southeast Asia has made considerable progress across the four pillars of the UN framework on responsible state behaviour in...
November 06, 2025 08:00 AM
Ha Noi Convention marks historic milestone shaping global legal order in cybersecurity
For the first time in history, the United Nations (UN) has chosen Ha Noi as the venue for the signing of a global convention.
November 05, 2025 08:00 AM
The US must not endorse Russia and China’s vision for cybersecurity
Even as Russia and China wage a relentless cyber war against the West, the United Nations is celebrating a new cybercrime treaty whose chief...
November 05, 2025 08:00 AM
The US must not endorse Russia and China’s vision for cybersecurity
Even as Russia and China wage a relentless cyber war against the West, the United Nations is celebrating a new cybercrime treaty whose chief...
October 30, 2025 07:00 AM
US Stands Out in Refusal to Sign UN Cybercrime Treaty
As China, Iran, Russia, and the European Union signed onto a new global cybercrime treaty, the United States and a minority of other nations...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
United Nations CyberSecurity History Information
Official Website of United Nations
The official website of United Nations is http://www.un.org.
United Nations’s AI-Generated Cybersecurity Score
According to Rankiteo, United Nations’s AI-generated cybersecurity score is 812, reflecting their Good security posture.
How many security badges does United Nations’ have ?
According to Rankiteo, United Nations currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does United Nations have SOC 2 Type 1 certification ?
According to Rankiteo, United Nations is not certified under SOC 2 Type 1.
Does United Nations have SOC 2 Type 2 certification ?
According to Rankiteo, United Nations does not hold a SOC 2 Type 2 certification.
Does United Nations comply with GDPR ?
According to Rankiteo, United Nations is not listed as GDPR compliant.
Does United Nations have PCI DSS certification ?
According to Rankiteo, United Nations does not currently maintain PCI DSS compliance.
Does United Nations comply with HIPAA ?
According to Rankiteo, United Nations is not compliant with HIPAA regulations.
Does United Nations have ISO 27001 certification ?
According to Rankiteo,United Nations is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of United Nations
United Nations operates primarily in the International Affairs industry.
Number of Employees at United Nations
United Nations employs approximately 62,133 people worldwide.
Subsidiaries Owned by United Nations
United Nations presently has no subsidiaries across any sectors.
United Nations’s LinkedIn Followers
United Nations’s official LinkedIn profile has approximately 6,006,055 followers.
NAICS Classification of United Nations
United Nations is classified under the NAICS code 92812, which corresponds to International Affairs.
United Nations’s Presence on Crunchbase
No, United Nations does not have a profile on Crunchbase.
United Nations’s Presence on LinkedIn
Yes, United Nations maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/united-nations.
Cybersecurity Incidents Involving United Nations
As of December 11, 2025, Rankiteo reports that United Nations has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
United Nations has an estimated 959 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at United Nations ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Incident Details
Can you provide details on each incident ?
Title: United Nations Data Leak
Description: The United Nations accidentally published passwords, internal documents, and technical details about websites due to misconfiguration of Trello, Jira, and Google Docs. Sensitive material was available online to anyone with the proper link.
Type: Data Leak
Attack Vector: Misconfiguration
Vulnerability Exploited: TrelloJiraGoogle Docs
Title: United Nations Data Breach
Description: Hackers breached the United Nations’ computer networks in early 2021 and made off with a trove of data that could be used to target agencies within the intergovernmental organization.
Date Detected: Early 2021
Type: Data Breach
Attack Vector: Stolen Credentials
Vulnerability Exploited: Stolen username and password of a UN employee purchased off the dark web
Motivation: Information Gathering
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Stolen username and password of a UN employee purchased off the dark web.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Leak UNI175830922
Data Compromised: Passwords, Internal documents, Technical details
Systems Affected: File ServerVideo Conferencing SystemWeb Development Environment
Incident : Data Breach UNI155417123
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Passwords, Internal Documents, Technical Details, and Information about the UN’s computer networks.
Which entities were affected by each incident ?
Incident : Data Leak UNI175830922
Entity Name: United Nations
Entity Type: Intergovernmental Organization
Industry: International Affairs
Incident : Data Breach UNI155417123
Entity Name: United Nations
Entity Type: Intergovernmental Organization
Industry: Government
Location: Global
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Leak UNI175830922
Type of Data Compromised: Passwords, Internal documents, Technical details
Incident : Data Breach UNI155417123
Type of Data Compromised: Information about the UN’s computer networks
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach UNI155417123
Entry Point: Stolen username and password of a UN employee purchased off the dark web
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on Early 2021.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Passwords, Internal Documents, Technical Details, and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was File ServerVideo Conferencing SystemWeb Development Environment.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Passwords, Internal Documents and Technical Details.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Stolen username and password of a UN employee purchased off the dark web.
.png)
Latest Global CVEs (Not Company-Specific)
Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.
Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description
Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying, however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.
Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.
Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=united-nations' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
