Doha – Transparency Maroc issued a statement on Monday expressing “profound concern” over the massive data leak from the National Social Security Fund (CNSS), which has compromised the personal information of nearly two million individuals and approximately 500,000 registered businesses.
“The cyberattacks have led to widespread leaks of critical personal data in several government agencies, including the Ministry of Employment and the National Social Security Fund,” the anti-corruption watchdog stated. “These leaks could destabilize and threaten social and national peace.”
The NGO cautioned that this represents a grave violation, as “the Constitution guarantees the protection of data, regulated by law 09-08 relating to the protection of individuals with regard to the processing of personal data.”
The organization criticized the inadequate response from the affected institutions, pointing out they chose “threat and intimidation” instead of reassuring users and offering apologies. “The ministers concerned who chair the boards of directors have not made themselves heard,” Transparency Maroc noted.
The data breach, which occurred earlier this month, is considered Morocco’s most substantial cybersecurity incident to date. The attack exposed highly sensitive personal information including full names, national ID numbers, passport details, email addresses, phone numbers, salary information, and banking credentials.
According to cybersecurity experts, the breach reveals serious vulnerabilities in the country’s digital infrastructure. Outdated systems, inadequate staff training, and insufficient governance frameworks have all contributed to creating an environment where such attacks can succeed.
Transparency Maroc has called for greater accountability and transparency regarding the incident. The organization is demanding public disclosure about “the strategy of public authorities regarding information systems security” and the quality of personal data protection at the national level.
Read also: Kaspersky: Morocco Ranks High Among Top Targets for Cyberattacks in Africa
The anti-corruption group has also demanded the revelation of “those responsible who authorized certain service providers to perform consulting, assistance, training, software and security hardware sales in addition to the audit mission, which constitutes an obvious conflict of interest.”
Additionally, it sought information about “the results of the tender offer No. 15/2021, dated August 2021, related to supporting the National Social Security Fund in complying with the requirements of Law 09-08,” which they noted should have been legally published on the Fund’s website.
Experts point out that the breach highlights the urgent need for comprehensive cybersecurity measures. Regular security audits, staff awareness programs, and robust data classification systems are essential components of an effective defense strategy.
The implementation of advanced technologies, including artificial intelligence-based threat detection systems, could also help prevent similar incidents in the future.
The incident has also raised questions about the effectiveness of Morocco’s cybersecurity infrastructure despite the country’s reputation for having strong digital defenses.
While the General Directorate of Information Systems Security (DGSSI) and the National Commission for the Control of Personal Data Protection (CNDP) have been praised for their work in establishing regulatory frameworks and raising awareness, the breach demonstrates that crucial vulnerabilities remain.
Transparency Maroc concluded its statement by calling on “the government to publish the results of investigations into these important matters with full transparency in the interest of all concerned parties.”

Join on WhatsApp
Join on Telegram







