United Nations
Company Details
Linkedin ID:
united-nations
Website:
Employees number:
62,133
Number of followers:
6,006,055
NAICS:
92812
Industry Type:
Homepage:
un.org
IP Addresses:
0
Company ID:
UNI_2749530
Scan Status:
In-progress
United Nations Company CyberSecurity Posture
un.org
Founded at the end of the Second World War, the United Nations is an international organization made up of 193 Member States committed to maintaining international peace and security. Every day the UN works to tackle global challenges and deliver results for those most in need. Giving life-saving support to populations hit by humanitarian crises, helping build and keep the peace in conflict-ridden areas, supporting governments and their citizens to advance development and fight poverty, and promoting human rights worldwide are the core pillars of the work of the United Nations and the mandates it receives from its Member States. The Charter of the United Nations is available in full at: http://www.un.org/en/documents/charter/
United Nations A.I CyberSecurity Scoring
United Nations Risk Score (AI oriented)Between 800 and 849
United Nations
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
United Nations Global Score (TPRM)XXXX
United Nations
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
United Nations Company CyberSecurity News & History
Past Incidents
2
Attack Types
1
United Nations
Breach
Rankiteo Explanation
Attack threatening the organization’s existence
Description: Hackers breached the United Nations’ computer networks in early 2021 and made off with a trove of data that could be used to target agencies within the intergovernmental organization. The hackers likely got in using the stolen username and password of a UN employee purchased off the dark web. The hackers, whoever breached the UN didn’t damage any of its systems but instead collected information about the UN’s computer networks.
United Nations
Breach
Rankiteo Explanation
Attack threatening the organization's existence
Description: THE UNITED NATIONS accidentally published passwords, internal documents, and technical details about websites. It happened when it misconfigured popular project management service Trello, issue tracking app Jira, and office suite Google Docs. This made sensitive material available online to anyone with the proper link, rather than only to specific users who should have access. Affected data included credentials for a U.N. file server, the video conferencing system at the U.N.’s language school, and a web development environment for the U.N.’s Office for the Coordination of Humanitarian Affairs. The sensitive information were available by running searches on Google. The searches, in turn, produced public Trello pages, some of which contained links to the public Google Docs and Jira pages.
United Nations Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for United Nations
Incidents vs International Affairs Industry Average (This Year)
No incidents recorded for United Nations in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for United Nations in 2025.
Incident Types United Nations vs International Affairs Industry Avg (This Year)
No incidents recorded for United Nations in 2025.
Incident History — United Nations (X = Date, Y = Severity)
United Nations cyber incidents detection timeline including parent company and subsidiaries
United Nations Company Subsidiaries
Founded at the end of the Second World War, the United Nations is an international organization made up of 193 Member States committed to maintaining international peace and security. Every day the UN works to tackle global challenges and deliver results for those most in need. Giving life-saving support to populations hit by humanitarian crises, helping build and keep the peace in conflict-ridden areas, supporting governments and their citizens to advance development and fight poverty, and promoting human rights worldwide are the core pillars of the work of the United Nations and the mandates it receives from its Member States. The Charter of the United Nations is available in full at: http://www.un.org/en/documents/charter/
Loading...
United Nations Similar Companies
U.S. Department of State
The U.S. Department of State is focused on accomplishing America's mission of diplomacy at home and around the world. The U.S. Department of State manages America’s relationships with foreign governments, international organizations, and the people of other countries. U.S. diplomats and Civil Servic
World Health Organization
The World Health Organization's mission: to promote health, keep the world safe, and serve the vulnerable. Working through offices in more than 150 countries, WHO staff work side by side with governments and other partners to ensure the highest attainable level of health for all people. Stay connec
UNDP
The United Nations Development Programme works in nearly 170 countries and territories, helping to achieve the eradication of poverty, and the reduction of inequalities and exclusion. We help countries to develop policies, leadership skills, partnering abilities, institutional capabilities and build
USAID is the lead U.S. Government agency that works to end extreme global poverty and enable resilient, democratic societies to realize their potential. U.S. foreign assistance has always had the twofold purpose of furthering America's interests while improving lives in the developing world. USAI
Established in 1951, the International Organization for Migration is the leading intergovernmental organization in the field of migration and is committed to the principle that humane and orderly migration benefits migrants and society. IOM works with its partners in the international community to
UNHCR, the UN Refugee Agency
UNHCR, the UN Refugee Agency, is a global organisation dedicated to saving lives, protecting rights and building a better future for people forced to flee their homes because of conflict and persecution. We lead international action to protect refugees, forcibly displaced communities and stateless
Bluesky Agency
THE RIGHT WAY TO ITALY. Italian Agency based in Venice-Italy performing general affairs by Public and Private Boards seeks international Partners to develop SMART TOURISM NETWORK. Multilingual staff. Contact us as above
.png)
United Nations CyberSecurity News
December 05, 2025 08:33 AM
When Global Cybersecurity meets Civil Society: what the NIS2 Directive (EU) 2022/2555 and the United Nations Convention against Cybercrime mean for NGOs
Discover how the EU NIS2 Directive and the UN Cybercrime Convention reshape cybersecurity for NGOs, creating new opportunities and duties.
November 27, 2025 11:55 AM
Gender Equality | Office of Counter-Terrorism
The United Nations Office of Counter-Terrorism (UNOCT) aims to effectively counter the instrumentalization of gender by violent extremist and terrorist...
November 27, 2025 11:55 AM
Cybersecurity and New Technologies | Office of Counter-Terrorism
It aims to shed light on the intricate relationship between terrorism, violent extremism conducive to terrorism, and cybercrime, providing insights and analysis...
November 27, 2025 10:49 AM
Cybersecurity and New Technologies | Office of Counter-Terrorism
The UNOCT/UNCCT Cybersecurity and New Technologies programme aims to enhance capacities of Member States and private organizations to prevent cyber-attacks...
November 17, 2025 08:00 AM
IP25108 | Southeast Asia’s Cybersecurity Trajectory Beyond the UN OEWG
In July 2025, the conclusion of the five-year mandate of the United Nations (UN) Open-Ended Working Group (OEWG) on the security of, and in, the...
November 06, 2025 08:00 AM
Ha Noi Convention marks historic milestone shaping global legal order in cybersecurity
For the first time in history, the United Nations (UN) has chosen Ha Noi as the venue for the signing of a global convention.
November 05, 2025 08:00 AM
The US must not endorse Russia and China’s vision for cybersecurity
Even as Russia and China wage a relentless cyber war against the West, the United Nations is celebrating a new cybercrime treaty whose chief...
November 05, 2025 08:00 AM
The US Must Not Endorse Russia and China’s Vision for Cybersecurity
Even as Russia and China wage a relentless cyber war against the West, the United Nations is celebrating a new cybercrime treaty whose chief...
November 05, 2025 08:00 AM
UN treaty sparks debate over digital cybersecurity
UN treaty sparks debate over digital cybersecurity. Experts warn that the UN treaty may put online privacy and digital cybersecurity at risk.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
United Nations CyberSecurity History Information
Official Website of United Nations
The official website of United Nations is http://www.un.org.
United Nations’s AI-Generated Cybersecurity Score
According to Rankiteo, United Nations’s AI-generated cybersecurity score is 812, reflecting their Good security posture.
How many security badges does United Nations’ have ?
According to Rankiteo, United Nations currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does United Nations have SOC 2 Type 1 certification ?
According to Rankiteo, United Nations is not certified under SOC 2 Type 1.
Does United Nations have SOC 2 Type 2 certification ?
According to Rankiteo, United Nations does not hold a SOC 2 Type 2 certification.
Does United Nations comply with GDPR ?
According to Rankiteo, United Nations is not listed as GDPR compliant.
Does United Nations have PCI DSS certification ?
According to Rankiteo, United Nations does not currently maintain PCI DSS compliance.
Does United Nations comply with HIPAA ?
According to Rankiteo, United Nations is not compliant with HIPAA regulations.
Does United Nations have ISO 27001 certification ?
According to Rankiteo,United Nations is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of United Nations
United Nations operates primarily in the International Affairs industry.
Number of Employees at United Nations
United Nations employs approximately 62,133 people worldwide.
Subsidiaries Owned by United Nations
United Nations presently has no subsidiaries across any sectors.
United Nations’s LinkedIn Followers
United Nations’s official LinkedIn profile has approximately 6,006,055 followers.
NAICS Classification of United Nations
United Nations is classified under the NAICS code 92812, which corresponds to International Affairs.
United Nations’s Presence on Crunchbase
No, United Nations does not have a profile on Crunchbase.
United Nations’s Presence on LinkedIn
Yes, United Nations maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/united-nations.
Cybersecurity Incidents Involving United Nations
As of December 21, 2025, Rankiteo reports that United Nations has experienced 2 cybersecurity incidents.
Number of Peer and Competitor Companies
United Nations has an estimated 987 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at United Nations ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
Incident Details
Can you provide details on each incident ?
Title: United Nations Data Leak
Description: The United Nations accidentally published passwords, internal documents, and technical details about websites due to misconfiguration of Trello, Jira, and Google Docs. Sensitive material was available online to anyone with the proper link.
Type: Data Leak
Attack Vector: Misconfiguration
Vulnerability Exploited: TrelloJiraGoogle Docs
Title: United Nations Data Breach
Description: Hackers breached the United Nations’ computer networks in early 2021 and made off with a trove of data that could be used to target agencies within the intergovernmental organization.
Date Detected: Early 2021
Type: Data Breach
Attack Vector: Stolen Credentials
Vulnerability Exploited: Stolen username and password of a UN employee purchased off the dark web
Motivation: Information Gathering
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Stolen username and password of a UN employee purchased off the dark web.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Leak UNI175830922
Data Compromised: Passwords, Internal documents, Technical details
Systems Affected: File ServerVideo Conferencing SystemWeb Development Environment
Incident : Data Breach UNI155417123
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Passwords, Internal Documents, Technical Details, and Information about the UN’s computer networks.
Which entities were affected by each incident ?
Incident : Data Leak UNI175830922
Entity Name: United Nations
Entity Type: Intergovernmental Organization
Industry: International Affairs
Incident : Data Breach UNI155417123
Entity Name: United Nations
Entity Type: Intergovernmental Organization
Industry: Government
Location: Global
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Leak UNI175830922
Type of Data Compromised: Passwords, Internal documents, Technical details
Incident : Data Breach UNI155417123
Type of Data Compromised: Information about the UN’s computer networks
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach UNI155417123
Entry Point: Stolen username and password of a UN employee purchased off the dark web
Additional Questions
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on Early 2021.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were Passwords, Internal Documents, Technical Details, and .
What was the most significant system affected in an incident ?
Most Significant System Affected: The most significant system affected in an incident was File ServerVideo Conferencing SystemWeb Development Environment.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Technical Details, Internal Documents and Passwords.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Stolen username and password of a UN employee purchased off the dark web.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations without impersonating the requesting user. Due to improper privilege handling and a time-of-check time-of-use race condition combined with symbolic link and mount point manipulation, a local authenticated attacker can coerce the service into deleting arbitrary directories with SYSTEM privileges. This can be exploited to delete protected system folders such as C:\\Config.msi and subsequently achieve execution as NT AUTHORITY\\SYSTEM via MSI rollback techniques.
Risk Information
cvss4
Base: 8.5
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to unauthorized modification of data due to a missing capability check on the 'cs_update_application_status_callback' function in all versions up to, and including, 7.7. This makes it possible for authenticated attackers, with Candidate-level access and above, to inject cross-site scripting into the 'status' parameter of applied jobs for any user.
Risk Information
cvss3
Base: 7.6
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Description
The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.7 via the 'cs_update_application_status_callback' due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Candidate-level access and above, to send a site-generated email with injected HTML to any user.
Risk Information
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Description
The FiboSearch – Ajax Search for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `thegem_te_search` shortcode in all versions up to, and including, 1.32.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires TheGem theme (premium) to be installed with Header Builder mode enabled, and the FiboSearch "Replace search bars" option enabled for TheGem integration.
Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
References
- https://plugins.trac.wordpress.org/browser/ajax-search-for-woocommerce/tags/1.32.0/partials/themes/thegem-elementor.php#L104
- https://plugins.trac.wordpress.org/browser/ajax-search-for-woocommerce/tags/1.32.0/partials/themes/thegem-elementor.php#L94
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3420841%40ajax-search-for-woocommerce%2Ftrunk&old=3398612%40ajax-search-for-woocommerce%2Ftrunk&sfp_email=&sfph_mail=#file136
- https://wordpress.org/plugins/ajax-search-for-woocommerce
- https://www.wordfence.com/threat-intel/vulnerabilities/id/8149103e-105d-401d-8a15-b07d131baaac?source=cve
Description
The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.0 via the ajax_get_members function. This is due to the use of a predictable low-entropy token (5 hex characters derived from md5 of post ID) to identify member directories and insufficient authorization checks on the unauthenticated AJAX endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, display names, user roles (including administrator accounts), profile URLs, and user IDs by enumerating predictable directory_id values or brute-forcing the small 16^5 token space.
Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References
- https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/class-functions.php#L41
- https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-ajax-common.php#L61
- https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-member-directory.php#L205
- https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/includes/core/class-member-directory.php#L2795
- https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.10.6/templates/members.php#L26
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3421362%40ultimate-member%2Ftrunk&old=3408617%40ultimate-member%2Ftrunk&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/61337d2d-d15a-45f2-b730-fc034eb3cd31?source=cve
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=united-nations' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
