Morocco’s National Social Security Fund (CNSS) has confirmed that its information technology system was the target of a cyberattack, leading to a data leak. However, an initial review of the allegedly leaked documents circulating widely on social media has revealed that many of them are false, inaccurate, or deliberately distorted.
In a press release issued on Wednesday, the CNSS disclosed that it had experienced a series of coordinated cyberattacks intended to bypass its security protocols. These attacks resulted in the unauthorized disclosure of information, though the exact origin and scale of the breach are still under active investigation.
According to the CNSS, the breach triggered an immediate cybersecurity response. “As soon as the data breach was detected, we activated our cybersecurity protocol,” the agency stated. This included implementing corrective measures to contain the breach, reinforcing the security of its IT infrastructure, and deploying additional resources to assess the scope of the data compromised.
The CNSS emphasized that protecting the personal data and confidentiality of its users remains a core priority. An internal administrative investigation is currently underway, and the matter has been reported to the relevant judicial authorities for further legal examination.
In light of the incident, the CNSS has issued a strong warning to the public and the media against sharing or distributing any of the leaked information, noting that doing so could carry legal consequences. “We urge all citizens and media outlets to exercise vigilance and responsibility, and to refrain from distributing or sharing leaked or falsified data,” the statement read.
The agency reassured the public that it remains committed to maintaining transparency while also ensuring the integrity of its systems and the protection of beneficiaries’ data. It pledged to provide updates as the investigation progresses and more details become available.
This incident comes amid growing concerns over cybersecurity threats targeting public institutions, highlighting the need for enhanced vigilance, secure data practices, and stronger digital infrastructure in the face of evolving cyber risks.
