Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

The National Social Security Fund of Morocco Suffers Catastrophic Data Breach: A Looming Threat to Citizens' Personal Identity and Financial Stability


The National Social Security Fund of Morocco (CNSS) has suffered a catastrophic data breach, exposing sensitive personal information about over 1.996,026 employees. This devastating incident raises concerns regarding the security and integrity of the CNSS's data management practices and serves as a stark reminder of the increasing threat landscape that citizens in Morocco face when it comes to cyber security.

  • The National Social Security Fund of Morocco (CNSS) has suffered a data breach exposing sensitive personal information about 1.996,026 employees.
  • The breach is attributed to the threat actor 'Jabaroot' and highlights the need for greater vigilance and proactive measures to safeguard citizens' personal data against potential threats.
  • The incident raises concerns regarding the security and integrity of the CNSS's data management practices.
  • The breach serves as a stark reminder of the increasing threat landscape that citizens in Morocco face when it comes to cyber security.
  • There is a pressing need for greater clarity and consistency in terms of data management practices and adequate safeguards to protect citizens' personal identity and financial stability.
  • International cooperation and collaboration are critical in combating cyber threats, particularly as the threat landscape continues to evolve.



  • The news that the National Social Security Fund of Morocco (CNSS) has suffered a data breach is nothing short of alarming. This devastating incident, which was revealed on April 9, 2025, by Pierluigi Paganini from Resecurity, has exposed the sensitive personal information of over 1.996,026 employees and reporting companies operating in Morocco. The breach, attributed to the threat actor 'Jabaroot', is a stark reminder of the pervasive nature of cyber threats and their potential impact on citizens' personal identity and financial stability.

    The CNSS, which was established in 1961 as an essential component of Morocco's social protection system, has been entrusted with the responsibility of managing the compulsory social security plan for salaried employees in the private sector. This plan covers a wide range of services, including healthcare, disability, and retirement benefits. In light of this breach, it is imperative to examine the scope and implications of the incident in greater detail.

    The leaked data, which includes CSV and PDF files containing personal information about 1,996,026 employees from various enterprises operating in Morocco, has revealed an unprecedented level of vulnerability on the part of the CNSS. The data comprises files related to both enterprises and individuals, detailing their salaries and associated personally identifiable information (PII) details.

    The breach is all the more disturbing given the sheer scale of compromise involved. It appears that the threat actor 'Jabaroot' has successfully accessed a significant volume of sensitive citizen data, with estimates suggesting that this constitutes the largest cyber attack by number of victims in Morocco to date. This breach highlights the urgent need for greater vigilance and proactive measures to safeguard citizens' personal data against potential threats.

    The negative side effects of this data breach are multifaceted and far-reaching. Firstly, it has raised concerns regarding the security and integrity of the CNSS's data management practices. The disclosure of sensitive passport, email, salary, and banking information will undoubtedly have a significant impact on victims, who may be vulnerable to online banking theft via social engineering tactics.

    Moreover, this breach serves as a stark reminder of the increasing threat landscape that citizens in Morocco face when it comes to cyber security. The incident underscores the need for individuals to exercise greater caution when navigating the digital realm and to take proactive measures to safeguard their personal data against potential threats.

    In light of these findings, it is imperative to examine the policies and regulations governing data protection in Morocco. The breach highlights a pressing need for greater clarity and consistency in terms of data management practices and the provision of adequate safeguards to protect citizens' personal identity and financial stability.

    Finally, this incident serves as a timely reminder of the critical importance of international cooperation and collaboration in combating cyber threats. As the threat landscape continues to evolve at an alarming rate, it is essential that countries work together to share intelligence and best practices in addressing these emerging challenges.

    In conclusion, the data breach suffered by the CNSS has exposed a grave concern regarding citizens' personal identity and financial stability. The incident highlights a pressing need for greater vigilance and proactive measures to safeguard citizens' personal data against potential threats.

    The National Social Security Fund of Morocco (CNSS) has suffered a catastrophic data breach, exposing sensitive personal information about over 1.996,026 employees. This devastating incident raises concerns regarding the security and integrity of the CNSS's data management practices and serves as a stark reminder of the increasing threat landscape that citizens in Morocco face when it comes to cyber security.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-National-Social-Security-Fund-of-Morocco-Suffers-Catastrophic-Data-Breach-A-Looming-Threat-to-Citizens-Personal-Identity-and-Financial-Stability-ehn.shtml

  • https://securityaffairs.com/176388/security/national-social-security-fund-of-morocco-suffers-data-breach.html


  • Published: Wed Apr 9 16:13:02 2025 by llama3.2 3B Q4_K_M













    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us