🚨 Breaking News | Cyberattack on Morocco’s CNSS Exposes Sensitive Data, Sparks National Alarm

Morocco’s National Social Security Fund (CNSS) has fallen victim to a significant cyberattack, exposing sensitive personal and corporate data, with some reports estimating the breach may impact nearly 2 million individuals and 500,000 companies. The attack, which occurred on Tuesday, April 8, also targeted the Ministry of Employment, though their incident appears to be less severe.

While CNSS initially described the breach as “partial,” independent reports from Le Canard Libéré and La Quotidienne.ma suggest the scale could be far greater, with leaked data including contact information, salary declarations, and identities of managers and employees from major Moroccan institutions such as the Royal Holding Company Siger, Crédit Agricole Bank, and even the Israeli Liaison Office in Rabat.

⚠️ What Was Leaked?

The compromised information reportedly includes:

• Names and contact details
• Salary records and declarations
• Organizational roles
• Data from high-profile entities

However, CNSS officials have urged the public to treat leaked information with caution, stating that some content circulating on social media is either false, incomplete, or taken out of context.

🧑‍💻 Who’s Behind the Attack?

Only one source, Le Canard Libéré, has pointed to a possible perpetrator: an Algerian hacker group called “Jebaroot”, allegedly retaliating for a prior breach of the Algerian Press Service’s (APSX) Twitter account. This claim remains unverified by other media outlets and Moroccan authorities, highlighting the difficulty in attributing cyberattacks with certainty.

🔐 CNSS Response & Public Warning

In response to the attack, CNSS:

• Activated emergency cybersecurity protocols
• Partnered with national security authorities
• Temporarily restricted access to certain online services
• Issued urgent public warnings

The CNSS has advised all insured individuals to:

• Change their passwords regularly
• Avoid sharing personal data via unsolicited calls, texts, or emails
• Verify communications only via their official website: www.cnss.ma

They also warned that spreading fake or leaked data may lead to legal consequences, as authorities are investigating and may pursue criminal charges.

🧾 Legal and Institutional Ramifications

The National Data Protection Authority (CNDP) has opened its doors to victims seeking to file complaints. Meanwhile, CNSS has launched an internal probe and referred the case to the judiciary, underlining the seriousness of the incident.

Le Canard Libéré raised concerns over the CNSS’s digital infrastructure, calling it “expensive but underperforming”, and questioned whether sufficient safeguards were in place to protect national data assets.

📉 Wider Implications

This breach could have ripple effects across Morocco:

• Professional secrecy compromised
• Salary leaks may disrupt competition or prompt social unrest
• Public trust in digital institutions at risk

The incident is being called by some analysts “Morocco’s first cyber war,” underlining how digital threats are becoming matters of national security.

---

🛡️ Final Takeaway

This attack is a stark reminder that cybersecurity is no longer just an IT issue—it’s a national, economic, and societal priority. With sensitive data now at risk, the public is urged to remain vigilant and institutions must reassess their digital defense strategies.

“What’s needed is not just better firewalls,” said one analyst, “but a fundamental shift in how we protect, manage, and respond to cyber threats in a connected world.”