Skip to main content
LesMRE
Join
LesMRE
DirectoryGuidesNews
Our Services

Join the Directory

Register as a professional

Become a Partner

Firms, institutions and associations

Talents & Startups

Present your project to our ecosystem

AboutContact
Sign inJoin
HomeNewsInstitutions
Institutions

Watiqa.ma Data Leak: 7 Actions to Take if You Are an Affected MRE

·7 min read
Watiqa.ma Data Leak: 7 Actions to Take if You Are an Affected MRE
© LesMRE

A leak of 695,402 records related to the Watiqa.ma platform has circulated since May 19, 2026. If you are an MRE who used this service for civil status documents, here are the 7 immediate actions to take to protect yourself.

TL;DR

On May 19, 2026, a data leak claim involving 695,402 records from the Watiqa.ma platform was published on a specialized forum. Dark Web Informer confirmed its existence the same day.

Watiqa.ma is the Moroccan civil status documents remote-request service used by many Moroccans Living Abroad (MRE). If you have used it, here is how to protect your data and accounts.

1. Check if you may be affected

You are if you meet these conditions:

  • You created an account on Watiqa.ma
  • You requested a birth certificate, marriage certificate, or other civil status documents
  • You entered personal details (name, surname, date of birth, certificate references, address, phone, email)

Based on the samples published, exposed data may include:

Data typeSensitivity
Full nameHigh
Date of birthHigh
Birth certificate referencesHigh
Parents' namesHigh
EmailMedium
PhoneMedium
Residential addressHigh

The status of this leak remains to be confirmed by the competent authorities. At this stage, treat the information as if confirmed to avoid being caught off guard.

2. Your rights under Moroccan Law 09-08

Law No. 09-08 on the protection of individuals regarding personal data processing frames your rights:

  • Article 7: right of access to your data held by any controller
  • Article 8: right to rectify or delete inaccurate data
  • Article 9: right to object for legitimate reasons
  • Article 22: sanctions for unsecured processing, up to 2 years imprisonment and 300,000 MAD fine

The reference authority is the CNDP (Commission Nationale de contrôle de la Protection des Données à caractère personnel): cndp.ma. You can file a complaint if you notice fraudulent use of your data.

3. 7 immediate actions to take

Action 1: Change your Watiqa.ma password

Log in to watiqa.ma, go to your account settings, and change your password. Use at least 12 characters with uppercase, numbers, and symbols. Never reuse this password elsewhere.

Action 2: Secure the email associated with your account

If the email you used for Watiqa is also used for your bank or main mailbox, change its password immediately and enable two-factor authentication (2FA):

  • Gmail: myaccount.google.com/security
  • Outlook / Hotmail: account.microsoft.com/security
  • iCloud: appleid.apple.com

Action 3: Watch for phishing attempts in the next 6 months

Leaked data (name, date of birth, parents, address) is often used to build personalized phishing emails that look credible. Beware of:

  • Emails impersonating CNDP, Ministry of Interior, Watiqa, or your bank
  • SMS asking you to click a link to verify your data or retrieve a document
  • Phone calls pretending to be from an administration and asking for your credentials

Rule: no Moroccan administration will ever ask for your password by email or phone.

Action 4: Check your Moroccan bank statements

If you have a Moroccan bank account (Attijari, BCP, BMCE, CIH, Société Générale, Crédit du Maroc), log in and review the last 30 days of transactions. Look for any unusual debit, even a few dirhams (fraudsters often test with small amounts before larger operations).

Action 5: Enable bank notifications

Ask your Moroccan bank to activate SMS alerts on every account transaction. Most Moroccan banks offer this service for free or at low cost.

Action 6: Report to CNDP if you find fraudulent use

If fraud or unauthorized use of your data is detected, file with CNDP:

  • Official website: cndp.ma
  • Contact email: contact@cndp.ma
  • Procedure: online complaint form or registered mail with acknowledgment of receipt

In parallel, if the fraud involves financial damage, file a complaint at the Moroccan police station in your residence city or via the consular portal of your country of residence.

Action 7: Monitor official communications

The investigation into this leak is ongoing. CNDP will likely communicate in the coming days or weeks. Monitor:

  • CNDP official website: cndp.ma
  • Watiqa website: watiqa.ma (news or user notices section)
  • Reference Moroccan media (Le360, Médias24, Yabiladi, Le Matin)

4. Recognizing a post-leak phishing email

Warning signs to watch for in the coming months:

Characteristics of a fraudulent post-leak email

  • The sender uses an official name but the actual address is not in .ma or doesn't match the official domain (e.g., cndp-maroc.com instead of cndp.ma)
  • The email mentions your full name, date of birth, or precise certificate references (leaked data)
  • It urgently requests you to click a link to verify your identity, retrieve a document, or avoid account suspension
  • The URL of the link, when hovered, points to an unknown or suspicious domain

What to do if you receive this type of email

  1. Do not click any links
  2. Do not reply
  3. Mark as spam in your inbox
  4. To verify information, go directly to the official website by typing the address manually in your browser

5. If you need a civil status document right now

If you need a document urgently and hesitate to use Watiqa.ma until the situation clarifies, you have official alternatives to get a civil status document from abroad:

  • Moroccan Consulate in your country of residence: direct request in person or by mail
  • Power of attorney to a relative in Morocco: they go to the civil status office with your legalized power of attorney
  • Registered mail to the civil status office of the Moroccan commune where you are registered

Our detailed practical guide: Get a Moroccan birth certificate from abroad: 4 methods in 2026

6. Digital best practices for all MRE

Beyond this specific leak, here are habits to better protect your data on any official Moroccan platform:

PracticeWhy
Unique password per accountPrevents one platform leak from contaminating your other accounts
Password manager (Bitwarden, 1Password, KeePass)Stores strong passwords without you remembering them
Two-factor authentication (2FA) everywhere it existsBlocks access even if your password is compromised
Dedicated email for administrationsSeparates your personal life from official accounts
Monthly bank statement reviewDetects fraud early before it gets worse
haveibeenpwned.comFree service that alerts you if your email appears in a known leak

7. Official resources and contacts

BodyContactFor
CNDPcndp.ma, contact@cndp.maComplaint in case of fraud, exercise of your rights
Watiqa.mawatiqa.maChange your settings, delete your account if desired
Bank Al-Maghribbkam.maReport bank fraud
Moroccan Consulatesconsulat.maAlternative documents, administrative assistance
haveibeenpwned.comhaveibeenpwned.comCheck if your email appears in past data leaks

Conclusion

A data leak is an event no user controls. What you can control is your digital practices and your responsiveness. The 7 actions above take less than an hour to implement and significantly limit the risks of identity theft or fraud.

LesMRE follows the evolution of the situation and will publish an update as soon as official communication from CNDP or competent authorities becomes available.

Sources

  • Dark Web Informer, "Watiqa.ma allegedly breached: 695K Moroccan civil document platform records exposed", May 19, 2026
  • Law No. 09-08 on personal data protection, Moroccan Official Bulletin No. 5714, 2009
  • CNDP, cndp.ma
  • Watiqa.ma

Share this article

Related articles

Daam Sakane 2026: MRE Eligible for Morocco's Direct Housing Aid of MAD 70,000 to 100,000

Daam Sakane 2026: MRE Eligible for Morocco's Direct Housing Aid of MAD 70,000 to 100,000

The Daam Sakane programme pays direct aid of MAD 70,000 to 100,000 to buy a primary residence in Morocco. First-time MRE buyers are eligible under conditions tailored to the diaspora. Here is the full procedure and pitfalls to avoid.

CNSS Reform 2026: Threshold Lowered to 1,320 Days and What It Means for MRE

CNSS Reform 2026: Threshold Lowered to 1,320 Days and What It Means for MRE

Decree 2.25.265 of 1 May 2025 lowers the CNSS contribution threshold from 3,240 to 1,320 days. This change opens pension rights for MRE who worked a few years in Morocco before moving abroad.

Morocco E-Visa 2026: What the Moroccan Diaspora Needs to Know

Morocco E-Visa 2026: What the Moroccan Diaspora Needs to Know

Morocco is preparing to launch an electronic visa system in 2026. For MRE who regularly invite family from third countries, this project could eliminate weeks of consular procedures.

Related practical guides

Accommodation Certificate and Invitation Letter for Schengen Visa: Complete MRE Guide8 min2026 legislative elections in Morocco: voting rights and eligibility for Moroccans abroad9 minLeaving France for Morocco: cancelling contracts, recovering your deposit and closing accounts12 min

Are you an MRE?

Join the platform and access 131 verified professionals in Morocco. Free.

Create my free account

Have a project in Morocco?

Find a LesMRE-verified expert to guide you through your steps.

Find an expert →