The WFP's self-registration application (SRA) used for assistance registration in Gaza was breached, resulting in unauthorized access to personal data of roughly 600,000 Palestinian households. The compromised data includes personally identifiable information such as names, ID numbers, phone numbers, and neighborhood location data. The breach was detected after attackers accessed the system on May 14, 2026. The WFP has suspended the registration platform to strengthen security and is actively investigating the incident. No evidence of ongoing exploitation or known exploits in the wild has been reported. The WFP continues to provide assistance without interruption and has advised beneficiaries to remain vigilant against phishing or fraudulent requests.

The breach exposed sensitive personal information of approximately 600,000 Gaza households registered for humanitarian assistance, potentially increasing the risk of identity theft, fraud, or targeted social engineering attacks against affected individuals. The disruption caused a temporary suspension of the registration platform, but ongoing assistance programs remain operational. There is no indication that the breach has affected the delivery of food, cash, or other aid. The incident may undermine trust in the registration system and raise concerns about data protection in humanitarian contexts.

The WFP has temporarily suspended the self-registration platform to implement urgent security and system protection improvements. Beneficiaries are advised not to update, delete, or re-register their information, as assistance programs continue as normal. The organization recommends that beneficiaries be cautious of anyone claiming to represent the WFP requesting information or money and to avoid clicking on suspicious links or messages. No additional remediation actions are currently advised by the WFP. Patch status is not explicitly confirmed; check the WFP advisory for updates on security enhancements and restoration of the registration platform.