Morocco ANCFCC land registry data leak

On 2 June 2025, the hacktivist Jabaroot — already responsible for the April leak of Morocco's social-security fund — claimed a second major breach against the Moroccan state: the Agence Nationale de la Conservation Foncière, du Cadastre et de la Cartographie (ANCFCC), the national agency that maintains the kingdom's land titles, cadastre, and mapping records.

What happened

Posting on a dark-web forum, Jabaroot claimed access to over 10 million property certificates and more than 4 million documents totalling in excess of 4 terabytes of data. Samples published to substantiate the claim included title deeds, deeds of sale and purchase, civil-status documents, copies of national ID cards, passports, and banking documents, along with what the actor described as sensitive "VIP" records.

Because ANCFCC's registry underpins property ownership, mortgages, and inheritance across Morocco, the exposed documents carried acute risk for real-estate fraud, forged conveyancing, and identity theft. Researchers at CybelAngel verified the authenticity of sampled documents, though some forum participants questioned whether the entire trove originated directly from ANCFCC systems or aggregated data from multiple sources. Moderators ultimately removed the thread after download links broke.

Attribution and motive

As with the CNSS leak, Jabaroot framed the ANCFCC attack as retaliation against perceived "anti-Algerian propaganda" by Moroccan media, situating it within the broader Algeria–Morocco geopolitical confrontation and the Western Sahara dispute. The actor — variously described as "Jabaroot DZ" and as Algeria-linked — again did not seek ransom, reinforcing the assessment that the campaign was hacktivist and politically driven rather than financially motivated.

Impact

The ANCFCC leak marked an escalation in a sustained campaign. In the 10 weeks following the CNSS breach, CybelAngel observed a 312% increase in leaked data attributed to Moroccan entities, with more than 5 terabytes of stolen material published across clear- and dark-web platforms between April and mid-June 2025. The back-to-back compromise of two pillars of the Moroccan state — social security and land ownership — exposed systemic weaknesses in the cybersecurity of the country's most sensitive public registries.

Why it matters

Land-registry data is among the most consequential a government holds: it establishes who owns what. The ANCFCC breach demonstrated that geopolitically motivated hacktivism could reach beyond personal identity data into the legal foundations of property itself, and that Morocco's public institutions faced a coordinated, multi-target adversary capable of repeatedly exfiltrating data at terabyte scale. It cemented 2025 as a watershed year for Moroccan public-sector cyber risk.

Timeline

April 8, 2025

Jabaroot's campaign against Morocco opens with the leak of CNSS social-security data.

June 2, 2025

Jabaroot claims responsibility on a dark-web forum for a breach of ANCFCC, Morocco's national land conservation agency, posting samples of property certificates.

June 2, 2025

The actor claims access to over 10 million property certificates and more than 4 million documents totalling over 4 terabytes, including VIP records.

June 3, 2025

Researchers at CybelAngel and others verify the samples; forum users question whether the full dataset originated directly from ANCFCC.

June 15, 2025

CybelAngel reports a 312% surge in leaked Moroccan data over the 10 weeks since the CNSS breach, exceeding 5 terabytes published across the clear and dark web.

Sources

cybelangel.comhttps://cybelangel.com/blog/ancfcc-data-leak-flash-report/

cybelangel.comhttps://cybelangel.com/blog/a-cnss-breach-update/

biometricupdate.comhttps://www.biometricupdate.com/202504/sensitive-pii-of-millions-leaked-in-historic-moroccan-data-breach

resecurity.comhttps://www.resecurity.com/blog/article/cybercriminals-attacked-national-social-security-fund-of-morocco-millions-of-digital-identities-at-risk-of-data-breach

Related incidents

Data breachResolvedApril 8, 2025

Morocco CNSS social security data leak

A hacktivist using the alias Jabaroot leaked more than 53,000 PDF files and CSV databases from Morocco's National Social Security Fund, exposing national ID numbers, salaries, and banking details for nearly 2 million employees across some 500,000 companies.

Victim: Caisse Nationale de Sécurité Sociale (CNSS)
Loss: $4.0M
Records: 2.0M

Data breachUnknownDecember 28, 2025

Leak at the French Ministry of Agriculture and Food

In late December 2025, the LAPSUS$ Group claimed a breach of France's Ministry of Agriculture and Food, leaking roughly 60 GB (97,210 files) of FTP credentials, SQL databases and system logs spanning 32 departments and 19 business applications.

Victim: French Ministry of Agriculture and Food

Data breachUnknownDecember 22, 2025

Leak at justice.fr

On 22 December 2025 a database attributed to the French justice system (justice.fr) recirculated online, exposing personal, professional and banking data — including IBAN/BIC — of 1,100+ magistrates, judges, lawyers and judicial staff.

Victim: justice.fr

Data breachContainedDecember 19, 2025

Leak at the French Ministry of Sports

On 19 December 2025 France's Ministry of Sports confirmed a breach of a system tied to the Pass'Sport aid scheme, exposing data on about 3.5 million households — names, dates of birth, contact details, social security, INE and CAF numbers — published on a criminal forum.

Victim: French Ministry of Sports