Morocco’s social security agency has fallen victim to a significant cyberattack, resulting in the theft and leak of sensitive personal data on the Telegram messaging app, affecting millions of private sector workers.
The North African kingdom’s social security fund, responsible for administering pensions and insurance benefits, revealed that preliminary investigations indicate the leak resulted from hackers bypassing its security systems. The agency’s statement came after troves of data were stolen from its systems in the cyberattack this week.
The hackers who posted the documents on Telegram claimed the attack was in response to alleged Moroccan “harassment” of Algeria on social media platforms and pledged additional cyberattacks if Algerian sites were targeted. However, the agency maintained that many of the documents posted were “misleading, inaccurate, or incomplete.”
Moroccan media have attributed the attack to Algerian hackers, describing it as an episode in a larger cyberwar between the two countries. Relations between Algeria and Morocco have recently deteriorated to historic lows, with the countries withdrawing their ambassadors, closing their embassies, and restricting each other’s airspace. The tension is rooted in part in Algeria’s support for the Polisario Front, a pro-independence movement fighting Morocco over the disputed Western Sahara.
The leaked information touches on deeply sensitive issues in Morocco, including salary information that, if accurate, reflects vast economic inequalities despite the country’s strides in economic development. The leaked data also includes unverified financial information on executives of state-owned companies, political parties, figures associated with the royal family’s holding company and charity fund, and the Israeli liaison office in Rabat.
Morocco’s National Commission for the Protection of Personal Data announced its readiness to investigate complaints from individuals targeted in the leak. The commission’s statement came as the government grappled with the fallout from the cyberattack.
Mustapha Baitas, Morocco’s government spokesperson, linked the attack to growing international support for Morocco in the Western Sahara conflict, stating that it “disturbs the enemies of our country to the point of attempting to harm it through these hostile actions.” His comments came after U.S. Secretary of State Marco Rubio expressed support for Morocco’s plan for the disputed territory, drawing criticism from Algeria.
The U.S. position on Western Sahara has been a point of contention, with President Donald Trump shifting Washington’s stance in 2020 to back Morocco’s sovereignty over the territory. Although the Biden administration has neither reversed nor openly supported this policy, Rubio’s recent statement reignited tensions.
