Big news is coming from African Countries. The National Social Security Fund suffered one of the biggest data breaches in Morocco’s history. Cell C, a South African telecom provider, officially confirmed the leak of 2 TB of sensitive files. Additionally, we have news about the activities of regulators in South Africa and Nigeria. Let's take a closer look at these developments.

A major data breach happened in Morocco last week. The National Social Security Fund (CNSS) fell victim to a cyberattack. The scope of the data leak is currently unknown. Some sources say criminals exfiltrated 500,000 records, including 54,000 PDF files with sensitive information. Also, other outlets claim that the data of up to 4 million employees could be affected. This incident is one of the most significant data breaches in Morocco's history.

The CNSS is a public institution that manages the compulsory social security plan for Morocco’s private sector workforce, covering healthcare, disability, and retirement benefits. Due to the nature of the fund, the organization processes and stores large volumes of sensitive data in its digital repositories.

The scope of attacks has not been determined yet. The criminals published a file with personal information of 2 million Moroccan employees. The number of affected individuals can grow because the CNSS has data from 40 000 reporting enterprises with 4 million workers. The list of compromised records includes:

• Full names
• National ID numbers
• Passport details
• Contact information
• Financial records (bank credentials and salary information).

Also, internal documentation and other sensitive files were exposed for thousands of businesses and enterprises, including foreign companies.

The investigation to get a full picture of the data breach is ongoing. CNSS’s officials conducted verification of leaked documents and claimed that they are “often false, inaccurate, or truncated.” But some research companies have confirmed the validity of the data through internal assessment and cross-verification with their clients.

This data breach could have long-term consequences. Exposure of sensitive data could lead to a spike in criminal activities, such as identity theft, financial fraud, and targeted social engineering attacks by malicious actors.

At the same time, Cell C, one of the major South African telecom providers, officially confirmed a data breach from last year. Cell C is the fourth-largest mobile network operator, which provides services for 7.7 million customers. It is also a major incident because criminals exfiltrated nearly 2 TB of the company’s data.

According to the official statement, the company is actively working to lock down its system and mitigate the damage. The final scope of the data leak is not determined yet. However, exposed data includes:

• Full names and contacts
• ID numbers
• Banking details
• Medical records
• Driver’s License Numbers.

The South African telecom provider notified the Information Regulator about the incident. The company has launched a dedicated Information Hub to assist affected parties. Cell C encourages affected individuals to register for Protective Registration with the South African Fraud Prevention Service, a free service for potential identity fraud detection.

On April 7th, the South African Information Regulator issued an official statement regarding the launch of a new security compromise reporting functionality on the eServices portal. From now on, local organizations will be required to report any security compromises through the portal instead of via email. This change is part of a broader effort to streamline the reporting process and improve incident monitoring.

The Protection of Personal Information Act (POPIA) outlines the process for reporting security compromises. Therefore, this new development will impact not only South African businesses but also foreign companies operating in South Africa or providing services here.

Over the past year, several major incidents occurred in South Africa, including the aforementioned Cell C data breach and the Pam Golding leak. According to the Information Regulator, in the 2023 financial year, there were more than 1,700 security incidents, triple the number from the previous year.

Nigeria is taking a proactive stance regarding data protection, as we receive a lot of news from this country. Kudirat Kekere-Ekun, the Chief Justice of Nigeria, has emphasized the importance of protecting information against data breaches and cyberattacks. The official delivered a keynote speech at the 2025 National Workshop on Information and Communication Technology.

Additionally, the Nigeria Data Protection Commission has been holding meetings to promote and educate representatives from various business sectors. Officials from the Commission met with members of the Hotel Owners Forum and the management of Providus Bank. These meetings aim to ensure regulatory compliance for all businesses and legal entities in Nigeria.

Data leaks can cause significant damage to a business and have long-term consequences. Small and medium-sized businesses could potentially go out of business as a result. Regulatory compliance and information security are two sides of the same coin. It is the coin of stability and confidence in the future.

SearchInform’s Managed Security Service is your ticket to a sunny day. We have developed the service according to the needs of the African and Middle Eastern regions. It offers 360-degree protection against threats and assists with regulatory compliance. Our cutting-edge solutions and the vast expertise of security specialists will ensure robust protection, saving the company funds as there’s no need to purchase expensive software licenses, hardware and maintain onboard experts.