Statement by the Digital Content Observatory Regarding the Alleged CNSS Breach: Between Media Amplification and Unprecedented National Digital Awareness

In the context of the widespread controversy surrounding the alleged “breach” of the National Social Security Fund’s (CNSS) information system, and the concerns raised about the leakage of personal data attributed to cyberattacks, the Digital Content Observatory wishes to share the following with national public opinion:

---

1. Our Reservation Regarding Conclusively Stating a Systematic External Breach Occurred

Despite the institution’s statement indicating that its infrastructure was subjected to cyberattacks, we, at the Digital Content Observatory, do not agree with the absolute assertion that the leak resulted from an external breach. Our analysis of the circulated content and the context of its spread strongly suggests the hypothesis of access to an old and outdated version of a database that was leaked from within the system, through negligence or intentional action.

---

2. The Leaked Data Bears Signs of Fabrication and Exaggeration

Through its monitoring and analysis of a sample of the leaked documents, the Observatory found clear indicators of the fabrication of a portion of the data and the exaggeration of other parts. This does not allow considering the incident a “systematic technical cyber breach,” but rather closer to an old internal leak that was exploited for unknown purposes.

---

3. The Institution’s Statement Was Responsible and Measured

We positively note that the CNSS statement was characterized by wisdom and balance, as it sufficed to remind of the seriousness of publishing fabricated data that could harm the private lives of individuals and institutions, without making accusations or threats. We consider this a sophisticated institutional behavior worthy of emulation.

---

4. The Event Created a Positive and Unprecedented Wave of Digital Awareness

Contrary to those who consider the event a missed opportunity, we affirm that what happened formed a rare and unprecedented wave of awareness in Morocco, both at the level of the media, public opinion, and even within institutions. This uproar contributed to:

• Strengthening society’s awareness of the seriousness of cybersecurity.
• Highlighting the fragility of digital infrastructures within some sectors.
• Sparking a genuine national debate about privacy and the protection of personal data.

This positive momentum must be quickly invested in strengthening digital public policies before it fades.

---

Recommendations of the Digital Content Observatory:

1. Open a transparent judicial and technical investigation that includes the hypothesis of an internal leak.
2. Conduct an accurate assessment of the digital protection infrastructure in public institutions, without exaggeration or premature exoneration.
3. Launch cybersecurity training and awareness programs targeting employees, journalists, and civil society actors.
4. Adopt a comprehensive digital public policy that includes legal deterrence, institutional qualification, and continuous training.

---

Issued in Fès, April 12, 2025

On behalf of the Digital Content Observatory

President: Ahmed El Bakkali namita