UNICEF
Company Details
Linkedin ID:
unicef
Website:
Employees number:
44,786
Number of followers:
5,309,863
NAICS:
8135
Industry Type:
Homepage:
unicef.org
IP Addresses:
0
Company ID:
UNI_2894943
Scan Status:
In-progress
UNICEF Company CyberSecurity Posture
unicef.org
UNICEF works in some of the world’s toughest places, to reach the world’s most disadvantaged children. To save their lives. To defend their rights. To help them fulfill their potential. Across 190 countries and territories, we work for every child, everywhere, every day, to build a better world for everyone. And we never give up.
UNICEF A.I CyberSecurity Scoring
UNICEF Risk Score (AI oriented)Between 800 and 849
UNICEF
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
UNICEF Global Score (TPRM)XXXX
UNICEF
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
UNICEF Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
UNICEF
Data Leak
Rankiteo Explanation
Attack with significant impact with internal employee data leaks
Description: The children's agency of the United Nations, UNICEF, unintentionally exposed the private information of 1000 of Agora users who use its online learning platform. Nearly 20,000 Agora users received an email with the personal information of 8,253 individuals registered for courses on immunisation. This unintentional data leak resulted from a mistake made by an internal user running a report. The names, email addresses, places of employment, genders, organisations, names of supervisors, and types of contracts of the individuals may be among the personal information inadvertently disclosed.
UNICEF Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for UNICEF
Incidents vs Non-profit Organizations Industry Average (This Year)
No incidents recorded for UNICEF in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for UNICEF in 2025.
Incident Types UNICEF vs Non-profit Organizations Industry Avg (This Year)
No incidents recorded for UNICEF in 2025.
Incident History — UNICEF (X = Date, Y = Severity)
UNICEF cyber incidents detection timeline including parent company and subsidiaries
UNICEF Company Subsidiaries
UNICEF works in some of the world’s toughest places, to reach the world’s most disadvantaged children. To save their lives. To defend their rights. To help them fulfill their potential. Across 190 countries and territories, we work for every child, everywhere, every day, to build a better world for everyone. And we never give up.
Loading...
UNICEF Similar Companies
British Council
We support peace and prosperity by building connections, understanding and trust between people in the UK and countries worldwide. We uniquely combine the UK’s deep expertise in arts and culture, education and the English language, our global presence and relationships in over 100 countries, our un
YMCA of the USA
YMCA of the USA is the national resource office for the nation's YMCAs. Located in Chicago, IL, YMCA of the USA exists to serve YMCAs. To address the specific needs of communities, each YMCA is an independent organization, autonomous and separate from YMCA of the USA. They are required by the nation
Médecins Sans Frontières (MSF)
Médecins Sans Frontières (MSF) is an international, independent, medical humanitarian organisation working to provide medical assistance to people affected by conflict, epidemics, disasters, or exclusion from healthcare. Since our founding in 1971, we’ve grown to a global movement delivering human
The International Rescue Committee responds to the world’s worst humanitarian crises and help people to survive, recover, and gain control of their future. Founded in 1933 at the request of Albert Einstein, the IRC offers lifesaving care and life-changing assistance to refugees and displaced peopl
AIESEC
AIESEC develops leadership among youth aged 18 to 30 and contributes to strengthening the global employability market by providing an end-to-end international talent recruitment solution for Enterprises, NGOs, and Start-ups. AIESEC is the world's largest youth-run organization developing the leader
International Committee of the Red Cross - ICRC
Established in 1863, the International Committee of the Red Cross (ICRC) works worldwide to provide humanitarian help for people affected by conflict and armed violence and to promote the laws that protect victims of war. An independent and neutral organization, its mandate stems essentially from th
Transport for London
Every day, we help millions of people to make journeys across London: By Tube, bus, tram, car, bike – and more. People don’t associate us with journeys by river, on foot or via the air, but we help with that, too. Getting people to where they need to go has been our business for over 100 years, and
The Salvation Army is the nation's largest direct provider of social services. Annually, we help millions overcome poverty, addiction, and spiritual and economic hardships by preaching the gospel of Jesus Christ and meeting human needs in His name without discrimination in nearly every zip code.
World Vision
World Vision is the largest child-focused private charity in the world. Our 33,000+ staff members working in nearly 100 countries have united with our incredible supporters to impact the lives of over 200 million vulnerable children by tackling the root causes of poverty. Through World Vision every
.png)
UNICEF CyberSecurity News
November 26, 2025 03:41 PM
Nigerian Youths Need Urgent Digital Upskilling To Compete Globally — UNICEF
The United Nations Children's Fund (UNICEF) has called for urgent, large-scale investment in digital skills to prepare Nigeria's growing...
November 04, 2025 08:00 AM
Paratus Botswana advances cyber security awareness, connects classrooms
The Ministry of Communications and Innovation, in collaboration with industry stakeholders, led a series of initiatives to promote online...
October 30, 2025 07:00 AM
Unicef, Dove prog boosting life skills among girls
Lucknow: Unicef and Dove have partnered to boost self-confidence and life skills among adolescent girls in India.
October 23, 2025 07:00 AM
PhantomCaptcha RAT Attack Targets Aid Groups Supporting Ukraine
A recent, highly coordinated cyberattack, codenamed “PhantomCaptcha,” targeted several major humanitarian and government groups supporting...
October 20, 2025 07:00 AM
19-Year-Old Narine Ivanyan Pursues Career in STEM with UNICEF's “Gamechangers” Initiative
In summer 2023, Narine participated in UNICEF's “Gamechangers - Girls for Girls” project, designed to provide young girls in rural Armenia...
October 12, 2025 07:00 AM
Ghana Cyber Security Authority engages stakeholders on online protection for children with disabilities
The Cyber Security Authority on Friday held a stakeholders' engagement to discuss efficient measures to protect children with disabilities...
August 29, 2025 07:00 AM
Safeguarding Children in the Digital Age
In an age when a child's first footprint may be digital, how do we ensure children's safety from day one?
August 20, 2025 07:00 AM
The first online cybersecurity platform for children and adolescents launched in Armenia
Yerevan, August 27, 2025. UNICEF and CyberHUB-AM have officially launched the CyberChat platform, Armenia's first online support and...
August 06, 2025 07:00 AM
‘A Shared Determination’
Dr. Antwi-Boasiako is a cybersecurity expert who has worked in the public and private sectors for more than a decade.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
UNICEF CyberSecurity History Information
Official Website of UNICEF
The official website of UNICEF is https://www.unicef.org/.
UNICEF’s AI-Generated Cybersecurity Score
According to Rankiteo, UNICEF’s AI-generated cybersecurity score is 827, reflecting their Good security posture.
How many security badges does UNICEF’ have ?
According to Rankiteo, UNICEF currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does UNICEF have SOC 2 Type 1 certification ?
According to Rankiteo, UNICEF is not certified under SOC 2 Type 1.
Does UNICEF have SOC 2 Type 2 certification ?
According to Rankiteo, UNICEF does not hold a SOC 2 Type 2 certification.
Does UNICEF comply with GDPR ?
According to Rankiteo, UNICEF is not listed as GDPR compliant.
Does UNICEF have PCI DSS certification ?
According to Rankiteo, UNICEF does not currently maintain PCI DSS compliance.
Does UNICEF comply with HIPAA ?
According to Rankiteo, UNICEF is not compliant with HIPAA regulations.
Does UNICEF have ISO 27001 certification ?
According to Rankiteo,UNICEF is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of UNICEF
UNICEF operates primarily in the Non-profit Organizations industry.
Number of Employees at UNICEF
UNICEF employs approximately 44,786 people worldwide.
Subsidiaries Owned by UNICEF
UNICEF presently has no subsidiaries across any sectors.
UNICEF’s LinkedIn Followers
UNICEF’s official LinkedIn profile has approximately 5,309,863 followers.
NAICS Classification of UNICEF
UNICEF is classified under the NAICS code 8135, which corresponds to Others.
UNICEF’s Presence on Crunchbase
No, UNICEF does not have a profile on Crunchbase.
UNICEF’s Presence on LinkedIn
Yes, UNICEF maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/unicef.
Cybersecurity Incidents Involving UNICEF
As of November 27, 2025, Rankiteo reports that UNICEF has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
UNICEF has an estimated 20,200 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at UNICEF ?
Incident Types: The types of cybersecurity incidents that have occurred include Data Leak.
Incident Details
Can you provide details on each incident ?
Title: UNICEF Agora Platform Data Leak
Description: UNICEF unintentionally exposed the private information of 8,253 Agora users who use its online learning platform. Nearly 20,000 Agora users received an email with the personal information of individuals registered for courses on immunisation. This unintentional data leak resulted from a mistake made by an internal user running a report. The names, email addresses, places of employment, genders, organisations, names of supervisors, and types of contracts of the individuals may be among the personal information inadvertently disclosed.
Type: Data Leak
Attack Vector: Misconfigured Email
Vulnerability Exploited: Human Error
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Data Leak.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Leak UNI161313423
Data Compromised: Names, Email addresses, Places of employment, Genders, Organisations, Names of supervisors, Types of contracts
Systems Affected: Agora online learning platform
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information and .
Which entities were affected by each incident ?
Incident : Data Leak UNI161313423
Entity Name: UNICEF
Entity Type: Non-profit Organization
Industry: Children's Aid
Location: Global
Customers Affected: 8,253 individuals registered for immunisation courses
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Leak UNI161313423
Type of Data Compromised: Personal information
Number of Records Exposed: 8,253
Sensitivity of Data: High
Personally Identifiable Information: NamesEmail addressesPlaces of employmentGendersOrganisationsNames of supervisorsTypes of contracts
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Data Leak UNI161313423
Root Causes: Human Error
Additional Questions
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Names, Email addresses, Places of employment, Genders, Organisations, Names of supervisors, Types of contracts and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was Agora online learning platform.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Names, Organisations, Email addresses, Genders, Places of employment, Types of contracts and Names of supervisors.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 8.3K.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=unicef' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
