Morocco’s Watiqa.ma portal faces alleged data breach

According to Morocco World News, citing a report by Dark Web Informer, a threat actor operating under the alias Jabaroot claims to have leaked more than 695,000 records from the Watiqa.ma platform. The alleged breach concerns data from a public service used by citizens to request administrative documents online, including birth certificates and other civil records. Because of the nature of the service, any data exposed through the platform could include sensitive personal and administrative information.

According to the claim, which has not yet been officially confirmed by Moroccan authorities or the platform’s administration, the leaked dataset includes the following data types:

• Full identity details
• Mother’s and father’s names
• Birth certificate numbers

Jabaroot has reportedly been linked to similar incidents involving data leaks of Moroccan citizens.

Nearly 6 million Carnival customers affected after social engineering attack

Another incident has hit cruise operator Carnival Corporation. The company confirmed a data breach resulting in the theft of personal data belonging to 5,995,277 individuals.

The breach resulted from a social engineering attack. Carnival detected unauthorized activity on April 14, 2026. Unauthorized actors were able to gain access to an employee account, then infiltrate certain corporate systems and exfiltrate files containing personal information. The cybercriminal group ShinyHunters later claimed responsibility for the breach and published the stolen data in late April.

According to Carnival, the incident analysis is ongoing, and the affected data varies by individual. The impacted data is currently known to include the following personal information:

• Name
• Address
• Email address
• Phone number
• Date of birth

• Government-issued identification number (e.g., driver’s license number and passport number)

An analysis by Have I Been Pwned found that the compromised dataset contained an even higher number of unique records (8.7 million records, including 7.5 million unique email addresses). The data relates to the Mariner Society loyalty program operated by Holland America Line, a Carnival-owned brand. The leaked dataset included names, email addresses, dates of birth, gender details, geographic location information, and loyalty program status.

The company emphasized that a thorough investigation into the incident is ongoing, with external cybersecurity specialists brought in to assist.

A compromised employee account, obtained through phishing or another social engineering technique, can become the entry point for an external attack. SearchInform Next-Gen DLP helps detect suspicious activity and prevent the unauthorized transfer of confidential data beyond the corporate perimeter.

Learn more about how SearchInform Risk Monitor helps prevent external threats.