Moroccan threat actor group TajineSec has claimed responsibility for breaching Crédit Populaire d’Algérie (CPA), one of Algeria’s largest and most influential banks. The announcement was made on a dark web forum, accompanied by threats to leak 500MB of raw data as initial proof of compromise.
According to the group’s statement, over 30GB of sensitive data has been exfiltrated from CPA’s systems, including:
- National ID documents
- Confidential employee and customer information
- Bank account and money transfer records
- Internal administrative documents linked to the Algerian government (which reportedly owns a 70% stake in the bank)
The post, labeled “Official Statement #01 from TajineSec,” indicates that this may be the group’s first publicly claimed operation, and it comes with strong geopolitical overtones. The attackers explicitly frame their actions as retaliation against “recent provocations and violations targeting the Kingdom of Morocco.”
A pointed Eid greeting was included in the statement, but it came with a warning: “Your trust has been compromised.”
The message concluded with a clear ultimatum: if the bank fails to engage, more data will be unleashed. It also ominously warned Algerian officials that “the countdown has begun.”
The forum post featured a defaced banner with the CPA logo and an open threat to release the data imminently if the breach is not acknowledged. The attackers appear confident, suggesting that Algerian authorities tried to suppress earlier leaks by reporting their channels — a move that may have only escalated the situation.
Our Analysis:
This incident reflects the increasing use of cyber capabilities as a form of digital protest and political confrontation. While many data breaches are financially motivated, the tone, timing, and rhetoric here align more with hacktivist operations driven by nationalistic sentiments.
If verified, the exposure of such a vast trove of sensitive personal and financial data could have severe implications for both CPA and its customers, particularly given the potential misuse of national ID documents and banking credentials.