Caisse Nationale de Sécurité Sociale (CNSS)
| Primary URL | Location | Industry | www[.]cnss[.]ma |
Country
Morocco
|
Government - National
|
|---|
Profile
CNSS, known also as the Caisse Nationale de Sécurité Sociale, is Morocco's national social security fund responsible for administering the country's mandatory social security schemes. It collects contributions from employers and workers and uses those funds to provide a range of benefits, including retirement pensions, health insurance coverage, family allowances, and compensation for occupational injuries or diseases. The organization serves both private‑sector employees and public‑sector workers, ensuring that eligible individuals receive statutory protections throughout their working lives. By managing these benefits, CNSS plays a central role in Morocco's social protection system.
The scale of CNSS's operations is reflected in the data it safeguards; the breach disclosed in April 2025 revealed that its databases contain personal and professional information for nearly two million workers and hundreds of thousands of enterprises. This indicates that the fund covers a substantial portion of the Moroccan labor force and a broad spectrum of businesses operating within the country. Its nationwide reach means that contributions and benefits are processed across all regions of Morocco. Consequently, CNSS is a key institution for the economic and social stability of the nation.
As a public institution under the Moroccan state, CNSS fulfills a regulatory function by enforcing compliance with national social security legislation and ensuring that employers meet their contribution obligations. It also oversees the proper governance of the social security funds it manages, adhering to standards set by national authorities. The organization's mandate includes implementing policies that aim to reduce poverty and provide a safety net for vulnerable populations. In addition, CNSS is subject to recent national cybersecurity legislation and cloud‑usage regulations that dictate how it must protect the sensitive data it holds.
On April 8, 2025, CNSS experienced a cyber intrusion that was publicly claimed by the Algerian hacking group Jabaroot DZ, which asserted that the attack aimed to destabilize and divert attention. The intrusion compromised the fund's databases, resulting in the leak of personal and professional data belonging to nearly two million workers and hundreds of thousands of enterprises. The group's statement highlighted perceived weaknesses in public sector information system governance, protection, and auditing, despite the existence of recent national cybersecurity measures. This incident underscores the ongoing challenges faced by state‑run entities in safeguarding large volumes of citizen data against sophisticated threats.
