In an official statement, the Office for Vocational Training and Promotion of Employment (OFPPT) acknowledged the occurrence of a cybersecurity incident that led to the leakage of personal data concerning about 100,000 young individuals at the national level.
The office clarified that the incident took place on April 12, 2026, and originated from the new guidance platform “MyWay,” indicating that the impact did not extend to its other information systems.
According to initial data, the leaked information was compiled into a CSV file approximately 19 megabytes in size, which was published or displayed on the dark web.
The leaked data includes basic information that users entered themselves when creating their accounts on the platform, which are:
- Full name
- Phone number
- National Identification Card number (CIN)
- Email address
The office confirmed that about 70% of the affected individuals belong to the category of “interested” in the vocational training system, while potential trainees represent 30%. It emphasized that the leak is limited to these identification data only and does not include any supporting documents or other materials.
The incident is currently subject to an in-depth investigation overseen by teams from the office’s Information Systems Directorate, in coordination with the relevant authorities and with the assistance of external technical expertise, aimed at determining the circumstances of the incident and enhancing security protection measures.
It is worth noting that some technical reports on social media and dark web monitoring platforms indicated that the attacker (who uses a pseudonym) released a free sample containing 100,000 records as proof, while claiming to possess larger data that may exceed 400,000 records. However, the office confirmed in its official statement that the leaked volume is limited to 100,000.
Users who created accounts on the MyWay platform are advised to enable two-factor authentication (2FA) on their email, monitor any suspicious activity on their phones, and change passwords on linked accounts if necessary.
