Cyberattack Claimed by Algerian Hackers Exposes CNSS Vulnerability

Another hacking attack against a major Moroccan institution. Algerian hackers claim to have compromised the CNSS database, stealing thousands of files, including personal data of approximately 2 million people.

Two cyberattacks were carried out yesterday, Tuesday, April 8, against the website of the Ministry of Employment (still inaccessible at the time of publication), then the highly sensitive database of the National Social Security Fund (CNSS).

Claimed by Algerian hackers, the operation resulted in a data breach that could be one of the most massive in Morocco. The hacker(s) claim to have obtained no less than 54,000 PDF files, including personal data affecting approximately 500 thousand companies and 2 million insured individuals affiliated with the CNSS.

The compromised information includes "the insured's name, CINE number, company name, manager's email address and phone number, bank account details," among other personal and professional data.

The attack on Tuesday, April 8, which adds to a long list of similar operations targeting Moroccan organizations, exposes the vulnerability of the CNSS information system. It comes at a time when the institution, headed by Hassan Boubrik, is called upon to play a major role in the comprehensive social protection project. The number of CNSS insured, which has already exploded with universal health coverage and the arrival of former Ramedistes, should continue to grow by integrating public sector employees as part of the planned merger with Cnops.

This cyberattack shows that cybersecurity must be elevated to the highest level of strategic priorities for CNSS and public establishments in Morocco. It is unacceptable not to consider digital security among the prerequisites for an establishment's operation.