National Social Security Fund of Morocco Suffers Data Breach

Pierluigi Paganini
April 09, 2025

Threat actor ‘Jabaroot’ claims breach of National Social Security Fund of Morocco, aiming to steal large volumes of sensitive citizen data.

Resecurity has identified a threat actor targeting government systems in Morocco with the goal of exfiltrating large volumes of sensitive data relating to citizens. The actor, using the alias ‘Jabaroot’, released claims about the successful compromise of the National Social Security Fund of Morocco (CNSS). The motive behind the data breach remains unclear, but the scale of the compromise has already drawn attention from the cybersecurity community and privacy experts in the region. The breach could be interpreted as the largest cyber attack by number of victims (consumers) in Morocco.

The Morocco National Social Security Fund (CNSS), or Caisse Nationale de Sécurité Sociale, is a public institution responsible for managing the compulsory social security plan for salaried employees in Morocco’s private sector, covering healthcare, disability, and retirement benefits. Similar to organizations in the US and EU, such funds store a significant amount of digital identity information relating to citizens. A data breach of such scale may have a negative, long-lasting impact on citizens’ personal data and could create risks of fraud and identity theft. The CNSS is the main social security administrative body in Morocco. Established in 1961 to replace the Caisse d’Aide Sociale (originally established in 1942), CNSS has played an essential role in the social protection of private sector workers.

What it covers:

Healthcare: Provides access to hospitalization, medical services, and other treatments for insured individuals and their dependents.

Pension: Responsible for the pension system, providing retirement benefits to eligible individuals.

Unemployment: Administers unemployment benefits, providing financial support to eligible individuals who lose their jobs.

Other benefits: The CNSS also provides benefits for maternity, invalidity, family allowances, death grants, and survivor’s pensions.

The threat actor has leaked CSV and PDF files containing personal information about 1,996,026 employees from various enterprises operating in Morocco. Notably, the CNSS presumably has more than 400.000 reporting companies and over 3.9 million employees in its system, which is why the data breach could be interpreted as large-scale.

The leaked data includes files related to both enterprises and individuals, reporting their salaries and associated personally identifiable information (PII) details.

The negative side effect of this data breach is the disclosure of citizens’ passport, email, salary, and banking information. Fraudsters are exploiting such data for online banking theft via social engineering, and victims have a hard time protecting themselves against it, as they would have to replace their documents, which is not always practical or technically feasible.

Resecurity warned of the increase in cyber-attacks targeting the digital identities of consumers in the Middle East and North Africa (MENA) region.
