The WFP Gaza humanitarian aid self-registration application suffered unauthorized access exposing names and household details for approximately 600,000 Gazan families. Technical root cause, attack vector, and threat actor attribution remain unconfirmed in public reporting. The primary organizational risk for security practitioners is the control gap pattern this incident represents: public-facing self-registration portals handling bulk PII with potentially inadequate access segmentation and authentication.