Moroccan Biomedical School SUPTECH SANTE Breached, 231 Student Dossiers With National IDs, Diplomas, and ID Card Photos Exposed

Summary

Threat actor xNov has leaked 231 student dossiers from SUPTECH SANTE, a Moroccan biomedical engineering school, containing full names, national ID numbers (CIN), ID card photos, diploma scans, phone numbers, and Massar codes. The actor claims this breach is a continuation of the OFPPT campaign targeting Moroccan educational institutions and is offering an additional 500+ dossiers for sale. The exposure creates significant identity theft and credential fraud risks, particularly given the students' likely careers in healthcare and medical device engineering.

Full text

Dark Web Informer - Cyber Threat Intelligence Moroccan Biomedical School SUPTECH SANTE Breached, 231 Student Dossiers With National IDs, Diplomas, and ID Card Photos Exposed April 14, 2026 - 5:04:38 PM UTC Morocco Education / Healthcare Standalone API Access Now Available High-volume threat-intelligence data, automated ingestion endpoints, ransomware feeds, IOC data, and more. View API Unlock Exclusive Cyber Threat Intelligence Powered by DarkWebInformer.com Stay ahead of cyber threats with real-time breach tracking, expert analysis, and high quality evidence - built for security professionals, researchers, journalists, and everyday people who take their privacy seriously. Subscribe Now Quick Facts Date & Time 2026-04-14 17:04:38 UTC Threat Actor xNov Victim SUPTECH SANTE (suptech-sante.ma) Industry Education / Healthcare Category Data Breach Exposed Dossiers 231 Additional for Sale 500+ Dossiers Data Range 2025/2026 Related Campaign OFPPT Breach Continuation Price Partial Free / Full for Sale Campuses Mohammedia & Essaouira Country Morocco Incident Overview Threat actor xNov has leaked the database of SUPTECH SANTE, formally named Ecole Superieure de Genie Biomedical et des Techniques de Sante, a Moroccan higher education institution specializing in Biomedical Engineering and Health Technologies. Founded in 2023 by FRDISI (Fondation de Recherche, de Developpement et d'Innovation en Sciences et Ingenierie), the school operates campuses in Mohammedia and Essaouira and hosts Jobintech, a government-backed free digital training program. The actor explicitly states this breach is a continuation of the OFPPT breach campaign, indicating a sustained effort targeting Moroccan educational institutions. This is also the same actor behind the Smarteez / L'Oreal Morocco breach from earlier this month. The exposed data includes 231 student dossiers from the 2025/2026 academic period, with each dossier containing: Identity Documents: Full names, national ID numbers (CIN, Morocco's Carte d'Identite Nationale), and national ID card photos. This combination of ID number plus photo constitutes a complete identity verification package. Academic Documents: Diploma and degree certificate scans, enrolled training program and specialization details, and Massar codes (Morocco's national student tracking system identifier used across all educational institutions). Contact Information: Phone numbers, email addresses, and personal numbers. Personal Data: Dates of birth, gender, and inscription receipt codes. The 231 dossiers are offered as a partial leak with an additional 500+ dossiers available for purchase with escrow accepted. Since SUPTECH SANTE focuses on biomedical engineering and health technology, these students are likely pursuing careers in medical device engineering, clinical technology, and health informatics. The exposure of their national ID photos alongside Massar codes and diploma scans creates both an identity theft risk and a potential for fraudulent credential claims in the healthcare sector. Compromised Data Categories Full Names National ID Numbers (CIN) National ID Card Photos Diploma / Degree Certificate Scans Phone Numbers Email Addresses Dates of Birth Gender Massar Codes Inscription Receipts Training Program & Specialization Image Preview Claim URL Subscriber Access Required The original listing URL and unredacted claim images are available on the Threat Feed and Ransomware Feed for paid subscribers. Subscribe Subscriber Access View the original listing URL and unredacted claim images on the feeds below. Threat Feed Ransomware Feed MITRE ATT&CK Mapping T1190 Exploit Public-Facing Application Targets vulnerabilities in the educational institution's web platform as part of a broader campaign against Moroccan education infrastructure following the OFPPT breach. T1213 Data from Information Repositories Extracts structured student enrollment dossiers from the institution's database including personal data, academic records, Massar codes, and enrollment details. T1005 Data from Local System Collects scanned documents stored on the institution's systems including national ID card photos, diploma scans, and degree certificate images for each student dossier. T1567 Exfiltration Over Web Service Distributes the stolen student dossiers as a partial free download with 500+ additional records available for purchase, using the same password-protected distribution method as previous breaches. Dark Web Informer © 2026 | Cyber Threat IntelligenceDarkWebInformer.com

Indicators of Compromise

• domain — suptech-sante.ma

Entities