Do Son 
The Moroccan National Social Security Agency (CNSS) is currently investigating a major breach of personal data, which, according to media reports, has compromised the private information of millions of citizens. The incident gained widespread attention following leaks shared via Telegram, with the press characterizing it as a politically motivated cyberattack allegedly orchestrated by Algerian hackers.
The CNSS, responsible for managing medical insurance, disability, and pension disbursements for the private sector, confirmed that attackers successfully bypassed existing security protocols to access internal records. Preliminary estimates indicate that over 54,000 files containing information on nearly 2 million individuals were exfiltrated. The compromised data includes names, national ID numbers, employment details, phone numbers, email addresses, and bank account information. Some of the leaked documents are dated November 2024.
The data was disseminated through a Telegram channel, where the documents were published in full view. While CNSS officials noted that portions of the leaked files appeared altered or incomplete, they acknowledged that a comprehensive investigation into the breach is underway. No official attribution has been made, but the hacker collective known as JabaROOT claimed responsibility shortly thereafter. In their statement, the group accused Morocco of digital interference in Algerian institutions and threatened further attacks should “cyber aggression” continue.
The stolen files were also posted on a darknet forum, notably without any attempt to monetize them, suggesting that the operation was politically, rather than financially, driven. Analysts believe the campaign may be state-sponsored, possibly involving intelligence entities operating under the guise of hacktivist collectives.
Among those affected are not only Moroccan nationals but also foreign entities, including several European companies with operations in Morocco. While the exact vector of the breach remains undetermined, experts have not ruled out the exploitation of a zero-day vulnerability or a flaw in third-party software—potentially one built on Oracle technologies.
To substantiate their claims, JabaROOT released a screenshot of the Moroccan Ministry of Labor’s website, which became inaccessible following the breach. The hackers portrayed their actions as retaliation for a recent attack on the official X* account of Algeria’s APS news agency, which they allege was compromised by a Moroccan-linked proxy group. The defaced account was renamed “Sahara Marocain,” referencing the protracted territorial dispute over Western Sahara.
Tensions between Morocco and Algeria have been simmering for years. Diplomatic ties were severed in 2021, with airspace closures, suspended gas exports, and the imposition of visa restrictions. The core of the conflict remains the contested status of Western Sahara. Recently, U.S. Senator Marco Rubio expressed support for Morocco’s autonomy plan for the region, prompting renewed criticism from Algerian officials.
