Massive Data Leak Hits Moroccan Students: 400K Student Records Affected
15.04.2026

Morocco’s cybersecurity landscape has been rocked by an incident affecting the national education system. In mid-April, a database belonging to Morocco’s Office of Vocational Training and Employment Promotion (OFPPT), the country’s largest public technical training institution, was discovered for sale on the dark web. According to the attackers, the full database contains over 400,000 records, potentially affecting both current trainees and graduates nationwide.

The first reports of a possible compromise emerged on April 12, 2026. Threat monitoring platforms Dark Web Intelligence and VECERT Analyzer detected that a threat actor using the alias "anisanas2" had listed the OFPPT database for sale. As proof of the breach, the hacker released a free sample of 100,000 records. On April 14, the OFPPT officially confirmed the incident.

According to analysts, the leak occurred via the MyWay platform – a digital tool designed for student career guidance. As a result, highly sensitive data was compromised, which could serve as a basis for spear-phishing, SIM-swapping, and other fraudulent schemes.

The leaked data includes the following types of information:

  • Full names
  • Personal phone numbers
  • Email addresses
  • Enrollment details
  • Academic tracks and highly specific fields of study, including IT, mechanics, tourism, construction, and electricity
  • Diploma levels and detailed administrative records tied to more than 500 vocational training centers across the country

Approximately 70% of the 100,000 confirmed records fall under the category of "leads" – potential clients who had only expressed interest in training and may have provided inaccurate or incomplete data during registration.

The investigation indicates that the breach resulted from the compromise of a legitimate user’s account (via phishing or an employee password leak), which allowed the attacker to gain unauthorized access to the platform's functions.

The OFPPT incident has sparked a heated reaction across the Moroccan media space. Users and experts are drawing direct parallels to the major cyberattack on the National Social Security Fund (CNSS) in 2025, where the personal information of nearly 2 million workers and 500,000 companies was leaked. That case served as a wake-up call, highlighting the vulnerability of key state infrastructure.

As Morocco World News notes, digital transformation often outpaces the development of systems designed to protect citizens' data. The current situation with OFPPT confirms a troubling trend: Moroccan state institutions, which are actively digitizing services from social security to education, are struggling to close security gaps in time.

The OFPPT has pledged to strengthen its security framework to ensure the future safety of its platforms and guarantee user confidentiality. In February 2026, the OFPPT had already initiated an emergency plan to address vulnerabilities, which included hiring external experts and implementing DLP (Data Loss Prevention) solutions. However, the full deployment of the system is still ongoing.


Implementing a DLP system is essential for modern organizations to build reliable information security. A DLP solution helps prevent the transfer of sensitive data and provides control over user activity, enabling timely detection and prevention of incidents as well as potentially dangerous insider actions. Request a free trial of SearchInform Next-gen DLP – a system that monitors the maximum number of transmission channels, from corporate email and messengers to USB drives and cloud storage.

