Massive Private Data Breach: Audit Report by National Defense in the Pipeline

April 17, 2025

A massive leak of private data has occurred at Morocco’s National Social Security Fund (CNSS) and the Ministry of Economic Inclusion, Small Business and Employment.

The data was released on April 8, 2025, via a Telegram channel. The cyberattack appears to have been perpetrated by a group of Algerian hackers going by the name Jabaroot DZ.

On the government side, the matter is being treated with seriousness, although one of its members stated anonymously it was not formally on the agenda of the April 10, 2025, cabinet meeting : “We discussed it briefly. We must now wait for the audit report from the General Directorate for Information Systems Security (DGSSI). This matter must be approached seriously and calmly. We need to take measures for the future and also separate fact from fiction in the data being circulated”.

The DGSSI reports to the National Defense Administration. Contacted by our team, its cybersecurity monitoring and response center (maCERT) confirmed that “a meeting is currently underway,” without confirming whether the breach was on the agenda. Another DGSSI department did not respond to our request for information, nor did the telecom regulator (ANRT), which is a member of DGSSI’s strategic cybersecurity committee, along with the Ministers of Interior, Foreign Affairs, and Industry. L’Économiste reached out- in vain- to the latter two ministers.

The central question remains: How can such a large-scale leak of private data occur within public institutions? Morocco has an official body tasked with protecting its critical IT infrastructure – namely, the DGSSI – which has even established a national cybersecurity strategy for 2030.

Roughly two million Moroccans are affected by this breach of personal data. Both the Penal Code and Law No. 09-08 on the protection of individuals with regard to personal data processing impose penalties for such acts. The law also places “confidentiality and security obligations” on data controllers. In this case, the CNSS is required “to implement appropriate technical and organizational measures to protect the data (…) and ensure an adequate level of security given the risks involved.”

However, the damage has already been done. The leaked information has been “posted online for free” on Telegram and a file-sharing platform. “Since the original distribution channel is still unknown, the alleged Algerian hackers chose to announce the leak on forums (popular within the hacking community) widely followed by hackers and global security agencies. Jabaroot published 6.5 GB of Moroccan citizens’ data. To date, it appears that more than 28,000 people have downloaded the leaked files,” stated Moroccan Hackers on their Facebook page on April 10, 2025.

This analysis emerges despite the absence of any official technical investigation report made available to the country’s 36 million citizens. The breach involves more than 53,000 files in PDF format, with additional data in spreadsheet formats such as CSV (similar to Excel files).

F.F. & A.O

Related Articles

The Gnaoua and World Music Festival reinvents itself

Right of generic substitution, a solution to drug shortage?

Social workers : The Government wants to restore order

Online payments: Ultimatum looming ahead!

Leave a Reply Cancel reply