Join on WhatsApp 
Join on Telegram Doha – Morocco’s National Social Security Fund (CNSS) revealed Wednesday that preliminary verification of documents leaked following a recent cyberattack shows they are “often false, inaccurate or truncated,” as the institution grapples with what could be one of the country’s most dangerous data breaches to date.
In an official communiqué, the CNSS confirmed its computer system had been subjected to a series of cyberattacks aimed at circumventing security measures, resulting in a data leak whose “origins and contours are currently being evaluated.”
“As soon as the data leak was observed, the IT security protocol was activated with corrective measures that contained the path used and strengthened infrastructures,” the CNSS stated, adding that measures have been implemented to precisely identify the affected data.
The breach appears to be part of a broader cyber assault by an Algerian hacking group called “Jabaroot,” which claimed to have exfiltrated approximately 500,000 records, including 54,000 PDF files containing sensitive information.
The leaked documents allegedly include salary certificates, employee lists, and data concerning both public and private Moroccan companies.
According to available information, the breach may have exposed personal data of nearly 2 million Moroccan employees across approximately 500,000 businesses registered with the CNSS.
The leaked documents reportedly include salary attestations from various organizations, including the royal holding SIGER and the Israeli liaison office in Rabat.
The cyberattack simultaneously targeted the Ministry of Economic Integration, Small Enterprise, Employment and Skills (MIEPEEC).
Read also: Algerian Hackers Target Maroc Hebdo After Controversial Cover Story
While the ministry initially downplayed the breach, stating that “all information published on the site is public and accessible to all,” the hackers responded by releasing what they claim to be additional ministry payroll files in a 75 MB archive.
The CNSS stressed that protecting personal data and user information confidentiality remains an “absolute priority.” The institution has initiated an internal administrative investigation and notified relevant judicial authorities.
“We call on all citizens and media to exercise vigilance, demonstrate a sense of responsibility, and avoid any act of dissemination or sharing of leaked or falsified data at the risk of facing judicial consequences,” the CNSS communiqué concluded.
The incident has prompted concerns from political figures, including Abdellah Bouanou, head of the Justice and Development Party’s (PJD) parliamentary group, who has called for accountability and stronger cybersecurity measures across ministerial sectors and public institutions.
The hackers claimed their actions were in retaliation for alleged “Moroccan harassment of official Algerian social media pages,” specifically citing the suspension of the Algerian Press Service (APS) account on platform X.
Reports indicate Moroccan hackers have launched counter-operations targeting Algerian government websites.
