A threat actor going by the alias Jabaroot has claimed responsibility for a massive cyberattack on Morocco’s National Social Security Fund (CNSS), compromising the personal data of nearly two million employees across the country. The breach, which surfaced on April 8, 2025, is believed to be one of Morocco’s most significant cyber incidents to date, raising alarm across the region’s cybersecurity and privacy communities.
The CNSS, or Caisse Nationale de Sécurité Sociale, manages healthcare, retirement, unemployment, and other benefits for Morocco’s private sector workforce. As such, it holds vast troves of personally identifiable information (PII) on citizens, making it a high-value target for cybercriminals.
According to a detailed report by US-based cybersecurity firm Resecurity, the attacker released the stolen data on a dark web forum, making it freely accessible in CSV and PDF file formats. Notably, there was no attempt to sell the data or monetize it through private channels—an unusual move that suggests motives beyond financial gain.
“The actor did not offer this data for sale, which is uncommon for cybercriminals. This tactic is more in line with espionage operations attempting to mask their true intent under hacktivist or criminal narratives,” stated Resecurity in its investigation report.
Read Full Report: Cybercriminals Attacked National Social Security Fund of Morocco – Millions of Digital Identities at Risk of Data Breach
Personally Identifiable Data of Millions Leaked
The leaked dataset reportedly includes the PII of 1,996,026 employees, including names, national ID numbers, passport details, contact information, salary records, and banking details. The files also contained data from around 40,000 enterprises registered with the CNSS, revealing company details and administrative contacts.
ALSO READ: Call for Cyber Experts: Join FCRF Academy as Trainers and Course Creators
This breach poses a severe risk to affected individuals, many of whom are now vulnerable to fraud, identity theft, and targeted social engineering scams. The archive, dated November 29, 2024, was shared in a 7z compressed file, suggesting the data had been stolen months ago but was only recently leaked.
Resecurity has acquired the compromised data and confirmed its authenticity with multiple impacted parties. Alarmingly, victims reported that they had not received any formal breach notifications from CNSS or the Moroccan government, raising serious concerns about transparency and incident response.
High-Level Government Agencies Caught in the Breach
Among those affected are employees of major Moroccan government bodies, including:
- The Ministry of Economy and Finance
- The Ministry of Health
- The Moroccan Agency for Investment and Export Development (AMDIE)
- The Moroccan Pension Fund
- The National Agency for the Promotion of Small and Medium Businesses (Maroc PME)
- The General Treasury of the Kingdom
- The National Office for Food Safety (ONSSA)
The data leak also revealed salary information of several public officials. The attacker accused them of minimizing the incident’s significance and included these details as part of the public dump.
“This appears to be an act of retaliation and digital protest. The attacker seems to be engaging in a form of cyber-conflict, which may also reflect geopolitical tensions in the region,” Resecurity noted.
ALSO READ: Now Open: Pan-India Registration for Fraud Investigators!
Geopolitical Angle: Morocco-Algeria Cyber Tensions
In messages posted via a Telegram channel, Jabaroot cited a previous hack of the Algerian Press Service’s Twitter account by Moroccan hackers as a motivating factor. The ongoing digital skirmishes between hacking groups in Algeria and Morocco have intensified in recent years, often mirroring political friction between the two nations.
Resecurity stated that such activities are common among state-aligned cyber espionage groups, who often mask their operations behind criminal facades to avoid direct attribution.
Long-Term Impact and Regulatory Silence
The CNSS, founded in 1961, is the backbone of Morocco’s social welfare system for private sector workers. The breach of its systems has widespread implications—not only for the millions of affected citizens but also for foreign companies operating in Morocco. Several EU-based firms and their employees were found in the leaked data.
The lack of immediate action or official notification has drawn criticism from privacy advocates. Citizens remain in the dark, with many unaware that their sensitive information is now publicly available.
“The absence of a timely and transparent response from regulators could exacerbate the damage,” warned Resecurity. “Affected individuals face real challenges in mitigating the risks, especially when replacing identity documents is not always practical or even possible.”
Previous Warning by CNSS Now Rings Alarmingly True
Nearly two years ago, CNSS issued a public alert warning citizens against sharing personal details with unknown individuals impersonating CNSS representatives. The agency pledged legal action against those exploiting public trust.
That warning now appears prophetic. With a breach of this scale, Morocco’s digital infrastructure and data protection frameworks face a serious stress test.
Resecurity continues to investigate the attack in coordination with law enforcement. The firm is urging all affected organizations to assess their exposure and take immediate steps to protect user accounts and business systems from further compromise.
What Can Victims Do?
In the absence of an official alert, Resecurity recommends that affected individuals:
- Monitor their financial accounts for suspicious activity
- Change passwords for online services
- Enable two-factor authentication wherever possible
- Report any identity misuse to local authorities
The Moroccan government is yet to issue an official statement on the incident. With millions of digital identities now exposed, pressure is mounting on regulators to act—both to inform the public and to strengthen national cyber defenses.