Morocco’s National Social Security Fund was hit by a cyberattack, exposing the sensitive data of up to 2 million people.

According to reports, Morocco's social security office suffered a serious breach that caused a sizable portion of its data to be exposed to Telegram.

According to a CNSS press release, preliminary investigations by the Moroccan National Social Security Fund (CNSS) showed that its IT systems were the focus of multiple cyberattacks in which the threat actor sought to get around security measures, ultimately resulting in the agency's data being leaked.

The state organization in charge of overseeing social security programs for workers in Morocco's private sector is called the CNSS.

Although the CNSS has not yet verified this, certain Moroccan media sites have claimed that around 54,000 files were taken, exposing the personal data of about 2 million people. Names, bank account information, phone numbers, email addresses, national ID numbers, and more are allegedly included in the files.

CNSS has stated that after looking over some of the papers that were uploaded to a public Telegram channel, some of the content seems to be often abbreviated, erroneous, or fake.

According to the CNSS, an internal administrative inquiry is in progress to examine the extent and type of the breach, and its IT security procedure has been initiated. Although a threat actor going by the moniker "JabaROOT" has claimed credit for the strikes, the agency has not officially linked the attack to any hacker or organization.

According to Resecurity, a provider of endpoint security, the stolen information has subsequently been posted on a Dark Web underground site but has not yet been offered for sale.