Data held for humanitarian work is data, and that makes it a target. Seems like it would be difficult to get substantial investment into security for aid organizations (why not feed more folks instead?)…

In this particular case, and earlier audit found:

A 2022 audit of WFP’s Palestine operations said risks related to personal data collection had not been assessed or mitigated due to limited internal technical capacity.