Morocco National Social Security Fund (CNSS) has confirmed it was the target of a major cyberattack that led to a significant leak of sensitive citizen data. Much of which has reportedly surfaced on Telegram and the Dark Web.
In a statement released this week, CNSS said its systems were hit by a series of coordinated cyberattacks designed to bypass its existing security defenses. The agency, which manages social security for private-sector workers across Morocco. Has launched an internal investigation to assess the full extent of the breach.
Although CNSS hasn’t disclosed the number of compromised records. Local media reports suggest the breach may have exposed over 54,000 files, affecting nearly 2 million individuals. These files are said to include highly sensitive data. Names, national ID numbers, phone numbers, email addresses, and bank account information.
Morocco Political Motive and Telegram Leak
An individual or group using the alias “JabaROOT” has claimed responsibility for the breach on Telegram. The threat actor suggested the attack was politically motivated. Allegedly in retaliation for what they claim were Moroccan cyber campaigns targeting Algerian institutions.
The stolen documents were reportedly posted to a public Telegram channel before later appearing on a dark web forum. According to U.S.-based cybersecurity firm Resecurity. While the data has been uploaded to underground marketplaces, it hasn’t yet been listed for sale.
However, CNSS cautioned that some of the leaked documents appear to be “false, inaccurate, or truncated.” The agency emphasized that it has activated its IT security protocols and is now conducting an administrative audit to determine the attack’s origin, scope, and potential long-term impact.
At this stage, no specific group has been officially linked to the attack. And the Moroccan government has not issued a broader public response.
A Wake-Up Call for Public Sector Cybersecurity
This incident underscores the increasing cyber risks facing public institutions, particularly those housing large-scale national data sets. With rising regional tensions and the growing weaponization of data breaches. State-backed and politically motivated cyberattacks are becoming more common—and more damaging.
Cyber experts warn that the fallout from breaches like this can include identity theft, financial fraud, and long-term trust erosion in national systems. The CNSS case now joins a growing list of global incidents where threat actors turn to platforms like Telegram and dark web forums to amplify their reach.
As Morocco’s investigation continues, the breach highlights the urgent need for enhanced cybersecurity and cross-border cooperation to track digital threats—especially as geopolitical tensions spill into cyberspace.
