Morocco’s National Commission for the Control and Protection of Personal Data (CNDP) has issued a warning regarding the risks linked to the unauthorized use of personal data in the aftermath of document leaks of the National Social Security Fund (CNSS).

In a press release issued today, April 10, the CNDP reminded the public that the lawful processing of personal data must be based on the informed consent of individuals or within the framework authorized by Law No. 09-08. The use of any data obtained outside of this legal framework is deemed unlawful and constitutes an offense, the commission cautioned.

The CNDP further emphasized its authority to investigate and inquire into data processing practices under Article 30 of Law No. 09-08, ensuring that personal data controllers comply with the law and that the data is protected in line with Article 24 of the same law.

The CNDP stated that it is ready to receive complaints from individuals who believe they have been victims of data leaks or unauthorized publications. The commission declared that it will investigate whether the processing of such data complies with Law No. 09-08 and its regulations. 

Earlier this week, a group of Algerian hackers self-labelled as “Jabaroot” claimed responsibility for infiltrating the official website of Morocco’s Ministry of Economic Integration. 

The hackers released sensitive data, reportedly belonging to thousands of Moroccan employers across nearly 500,000 businesses, as registered by the National Social Security Fund (CNSS). 

Initial checks by relevant stakeholders revealed that some of the leaked documents attributed to the cyberattack were found to be false, inaccurate, or distorted.