Data Breach Allegations Targeting Moroccan Officials
A cybercriminal known by the alias 'Rihana' has boasted about possessing a database containing sensitive personal information of employees from the Moroccan Royal Palace. This alleged data breach reportedly includes an array of personal details such as names, birth dates, addresses, national identification numbers (DNI), and employment dates of various officials. The alarming information surfaced via @DarkWebInformer, a profile on X that monitors dark web activities.
This incident is part of a broader wave of purported cyberattacks targeting Moroccan entities, as documented by the same source, which has highlighted similar breaches in the educational and commercial sectors. Currently, Moroccan authorities have yet to issue any public statement regarding this unauthorized access, leaving many questions unanswered about the integrity of sensitive data.
Interestingly, the attacker, 'Rihana', does not appear to have a notable history of previous cyberattacks or a recognizable track record, raising suspicions about the validity and origins of the leaked data. This recent claim comes on the heels of a significant security breach that occurred just a year ago in April 2025, where Morocco's National Social Security Fund (CNSS) was targeted. This attack compromised the data of nearly 2 million individuals and resulted in the theft of over 54,000 files, as reported by local media outlets. The leaked information included national identification numbers, employment affiliations, email addresses, phone numbers, and banking data, which were subsequently published on a public Telegram channel. The attackers, identified as JabaROOT, were linked to Algerian hackers, highlighting the ongoing security challenges faced by Moroccan institutions.
Given these circumstances, it is not far-fetched to speculate that the new breach may not be as recent as claimed and could potentially incorporate data sourced from previous leaks. The situation underscores the critical need for enhanced cybersecurity measures to protect sensitive information from falling into the wrong hands.
As reported by escudodigital.com.
