Casablanca, Morocco — A disturbing cyberattack has targeted Morocco’s Office of Vocational Training and Employment Promotion (OFPPT), raising alarms as the potential impact on the country’s students and graduates could be profound. Cybersecurity monitoring platforms have uncovered that a database linked to OFPPT is being peddled on underground forums and the dark web, sparking a national security alert.
The attacker, identified as “anisanas2,” boasts of having breached OFPPT’s database and released a sample of 100,000 records as evidence. The attacker claims the entire dataset encompasses over 400,000 entries, potentially compromising the personal information of current trainees and graduates across Morocco. A tweet from VECERT Analyzer on April 12, 2026, underscores the gravity of the situation with a warning about the massive leak of educational data.
The leaked data is described as highly sensitive, containing full names, personal phone numbers, email addresses, enrollment details, academic tracks, and specific fields of study such as IT, mechanics, tourism, construction, and electricity. Additionally, diploma levels and detailed administrative records from more than 500 vocational training centers across the nation are reportedly included in the breach.
As of now, neither OFPPT nor Morocco’s Directorate General for Information Systems Security (DGSSI) has confirmed the breach, leaving the incident in the realm of unverified claims. However, cybersecurity analysts have raised the alarm, classifying the potential risk as moderate to high if the leak is authenticated. Technical sources suggest the breach may have originated from vulnerabilities in OFPPT’s web applications, compromised employee credentials, or unauthorized access through third-party contractors.
The potential consequences of such a data leak are severe. If confirmed, the exposed records could be exploited for identity theft, impersonation, and targeted phishing campaigns. The repercussions could extend beyond personal data, including bank account theft, account takeovers, commercial espionage, and blackmail.
The incident has also ignited a debate among Moroccan netizens, with many criticizing the country’s rapid digitalization of public services without adequate cybersecurity measures. The incident echoes the 2025 CNSS cyberattack, which saw sensitive salary and personal data linked to nearly two million workers and around 500,000 companies leaked. This incident has reignited concerns about the broader pattern of attacks targeting Moroccan public institutions.
As the situation unfolds, the focus is shifting to the Moroccan authorities’ response and the immediate steps that may be taken to safeguard the potentially affected individuals. Morocco World News continues to monitor the situation and will provide updates as they become available.
Source: moroccoworldnews
Original author: Oumaima Moho Amer
