Royal Palace of Morocco: Hackers obtain data of Moroccan Royal Palace officials

Moroccan Royal Palace Staff Data Allegedly Leaked by New Threat Actor

A threat actor operating under the alias Rihana has claimed to leak sensitive personal data belonging to staff of the Royal Palace of Morocco. The dataset, shared on the dark web, reportedly includes names, birth dates, addresses, national identification numbers (DNI), and hiring dates of palace officials.

The breach was first flagged by @DarkWebInformer, an X (formerly Twitter) account that tracks dark web activity. This incident follows a pattern of alleged cyberattacks against Moroccan institutions, including recent breaches in the education and commercial sectors. Moroccan authorities have yet to respond to the claims.

The attacker’s alias, Rihana, appears to be new, with no prior record of significant cyberattacks. However, concerns have arisen that the leaked data may not be fresh Morocco has faced multiple high-profile breaches in recent years. In April 2025, the National Social Security Fund (CNSS) suffered a major attack, exposing nearly 2 million records, including national IDs, employment details, emails, phone numbers, and banking data. That breach, attributed to the Algerian-linked group JabaROOT, saw stolen files published on a public Telegram channel.

Given the frequency of such incidents, security researchers suggest the latest leak could involve recycled data from previous breaches rather than a new compromise. No official verification of the claims has been provided.

Source: https://www.escudodigital.com/en/cybersecurity/hackers-obtain-data-of-moroccan-royal-palace-officials.html

Royal Palace cybersecurity rating report: https://www.rankiteo.com/company/royal-palace

"id": "ROY1776444249",
"linkid": "royal-palace",
"type": "Breach",
"date": "4/2025",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'customers_affected': 'Staff of the Royal Palace',
                        'industry': 'Government/Public Sector',
                        'location': 'Morocco',
                        'name': 'Royal Palace of Morocco',
                        'type': 'Government'}],
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Names',
                                              'Birth dates',
                                              'Addresses',
                                              'National identification numbers '
                                              '(DNI)',
                                              'Hiring dates']},
 'description': 'A threat actor operating under the alias *Rihana* has claimed '
                'to leak sensitive personal data belonging to staff of the '
                'Royal Palace of Morocco. The dataset, shared on the dark web, '
                'reportedly includes names, birth dates, addresses, national '
                'identification numbers (DNI), and hiring dates of palace '
                'officials.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage to the '
                                       'Moroccan Royal Palace',
            'data_compromised': 'Personal data (names, birth dates, addresses, '
                                'national identification numbers (DNI), hiring '
                                'dates)',
            'identity_theft_risk': 'High'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes'},
 'investigation_status': 'Ongoing',
 'references': [{'source': '@DarkWebInformer (X/Twitter)'}],
 'threat_actor': 'Rihana',
 'title': 'Moroccan Royal Palace Staff Data Allegedly Leaked by New Threat '
          'Actor',
 'type': 'Data Breach'}