[ad_1]
Marrakech – Following massive data breaches from Jabaroot attacks in April, the National Social Security Fund (CNSS) has launched an international tender worth MAD 40 million ($4 million) to strengthen its cybersecurity infrastructure.
The initiative comes as a direct response to the April 8 cyberattack that compromised sensitive data of nearly 500,000 companies and two million employees.
The tender, announced under international open call number 89/2025, is divided into two main components. The first allocation of MAD 6 million ($600,000) will support the acceleration of CNSS’s digital transformation project.
The second component, ranging between MAD 19.99 million ($1.99 million) and MAD 39.98 million ($3.99 million), focuses on acquiring necessary technical expertise and competencies.
This security upgrade follows confirmed attacks by Algerian hackers from the Jabaroot group, which resulted in the leak of sensitive information, including national ID numbers and salary data. The compromised information was subsequently circulated on social media platforms.
More concerning, Médias24 reported on September 9 that a cybersecurity expert has alerted about a second cyberattack on CNSS. According to the expert, this new breach was “more severe” than the first one and was allegedly carried out by a different hacker than Jabaroot.
This attack reportedly targeted individual documents and family data. When contacted, CNSS neither confirmed nor denied this information.
During the April incident, the institution claimed in a statement that preliminary verification of leaked documents showed they were “often false, inaccurate or truncated.”
Read also: Transparency Maroc: CNSS Data Breach Exposes Critical Flaws in Morocco’s Cybersecurity
CNSS confirmed its computer system had been subjected to a series of cyberattacks aimed at circumventing security measures but denied the authenticity of the leaked data, even though evidence suggested otherwise.
The tender specifications emphasize strict compliance with Law 09-08 regarding personal data protection. Service providers must implement comprehensive organizational and logistical measures to ensure data confidentiality and reliability.
The requirements prohibit any unauthorized or fraudulent use of information, mandating the destruction of files and documents immediately upon contract completion.
CNSS aims to establish modern digital governance using agile methodologies (Agile/Scrum) and specialized teams (Squads) to monitor digital use cases. The initiative will include key performance indicators (KPIs) to measure implementation progress and impact.
Established by royal decree in 1972, CNSS is responsible for managing social insurance systems for private sector employees, self-employed individuals, and professionals, alongside the mandatory health insurance system.
The cybersecurity enhancement comes amid CNSS’s expanding role since 2022, when it began overseeing the “AMO Tadamon” system for disadvantaged groups, followed by the “AMO Chamil” system in 2024 for non-active individuals able to pay contributions.
These expansions have significantly increased the number of enrollees and digital files managed by the fund, heightening the need for more secure and effective digital systems.
[ad_2]
Source link