The CNDP warns about the risks associated with personal data leaks following cyberattacks.

Following a series of cyberattacks that notably compromised data from the National Social Security Fund (CNSS), the National Commission for the Control of Personal Data Protection (CNDP) is urging vigilance against the risks associated with the illicit exploitation of personal data disclosed through unauthorized channels.

In an official statement, the CNDP reminds that any processing of personal data must be based on either the informed consent of the individual concerned or a legal basis compliant with Law No. 09-08. The use of information obtained outside of these conditions is deemed illegal and constitutes an infringement.

The Commission emphasizes that it has, under Article 30 of the same law, the authority to conduct investigations and ensure that data controllers comply with legal obligations, particularly concerning data security, in accordance with Article 24.

As part of its mission, the CNDP announces its readiness to receive complaints from citizens who believe they have been victims of leaks or unauthorized publications of their personal data. Investigations will be carried out to verify the compliance of the processing in question with current legislation. The statement also notes that some preliminary checks have revealed that certain documents purportedly resulting from these attacks were actually falsified or altered.