An alleged data breach has surfaced targeting Ibn Tufail University (Université Ibn Tufail) in Kenitra, Morocco. The breach, disclosed on a darkweb forum, claims to have exposed sensitive information belonging to more than 13,000 students, teachers, and staff members.
Ibn Tufail University, established in 2009 and named after the renowned Arab philosopher and physician Ibn Tufail, is a leading institution in Morocco, known for its contributions to higher education and research. This latest development highlights ongoing cybersecurity challenges facing academic institutions across North Africa.
The threat actor behind the leak shared samples suggesting that the compromised data includes:
- Full names (students, teachers, staff)
- Academic and personnel emails
- Phone numbers
- National identity card numbers (CIN)
- Dates of birth
- Additional academic and administrative details
According to the actor, the full dataset will be distributed through a Telegram bot, raising concerns about potential misuse of the leaked information.
If confirmed, the exposure of this information could place affected individuals at risk of:
- Identity theft and fraud through the use of leaked CIN numbers and personal identifiers.
- Targeted phishing attacks leveraging academic or institutional email addresses.
- Reputational damage to the university and Morocco’s higher education sector, which has increasingly become a target for cybercriminals.