The Office of Vocational Training and Work Promotion (OFPPT), Morocco’s largest vocational training provider, suffered a cybersecurity incident exposing personal data of nearly 100,000 users, according to multiple reports. The breach reportedly compromised sensitive information including names, contact details, and possibly national identification numbers.
The incident was first flagged by Moroccan news outlet Yabiladi, which cited internal sources at the agency. Cybersecurity analysts suggest the breach likely occurred through compromised administrative credentials, though OFPPT has not confirmed the attack vector. ‘Public institutions in North Africa have become prime targets for both criminal hackers and state-sponsored actors,’ said a regional cybersecurity expert who requested anonymity due to ongoing investigations.
OFPPT, which trains over 500,000 students annually, has not issued an official statement. However, sources within Morocco’s Digital Development Agency indicate a forensic audit is underway. The breach follows similar incidents at other African government agencies this year, including a January attack on Kenya’s eCitizen portal.
Experts warn the exposed data could fuel phishing campaigns and identity fraud. ‘The lack of breach disclosure laws in Morocco complicates risk assessment for affected individuals,’ noted a Rabat-based data protection consultant. The incident raises questions about cybersecurity preparedness as Morocco accelerates its digital government initiatives.