Pajemploi, the French social security service for parents and home-based childcare providers, has suffered a data breach that may have exposed personal information of 1.2 million individuals.
The incident impacts registered professional caregivers working for private employers, typically parents using the Pajemploi service part of URSSAF – the French organization that collects social security contributions from employers and individuals.
“The Pajemploi service has been the victim of a theft of personal data belonging to employees of private employers using the Pajemploi service,” reads the announcement from the agency.
“This cyberattack, detected on November 14, could have affected up to 1.2 million employees of private employers using the Pajemploi service,” the public service says.
According to the French agency, the data potentially exfiltrated includes the following types:
- full names
- place of birth
- postal address
- social security number
- name of the used banking institution
- the Pajemploi number
- accreditation number
Pajemploi’s disclosure highlights that the hackers did not have access to bank account numbers (IBANs), email addresses, phone numbers, or account passwords.
Each person affected by the cybersecurity incident will be notified by Pajemploi individually.
Pajemploi also stated that the incident has not impacted its operations, and services such as the processing of submitted declarations or payment of salaries continue uninterrupted.
The agency notes that after detecting the breach, it took immediate action to stop the attack and protect its information systems. The organization also notified the French Data Protection Authority (CNIL) and the National Agency for the Security of Information Systems (ANSSI).
URSSAF recommends that everyone be extra cautious due to the elevated risk of fraudulent emails, SMS, or phone calls targeting them using the stolen information.
BleepingComputer has contacted URSSAF with a request for more information about the incident and whether there is a ransom demand from the threat actor, but we received no reply. We will update the article when we hear back.
At publishing time, no ransomware group has claimed the attack on Pajemploi.
In March 2024, France Travail, formerly Pôle Emploi, the agency responsible for registering unemployed individuals and providing employment assistance, suffered a data breach that exposed the personal data of 43 million individuals in the country.
Over the weekend, Eurofiber France disclosed that hackers breached its network on November 13 and stole customer data from its ticket management platform.
It’s budget season! Over 300 CISOs and security leaders have shared how they’re planning, spending, and prioritizing for the year ahead. This report compiles their insights, allowing readers to benchmark strategies, identify emerging trends, and compare their priorities as they head into 2026.
Learn how top leaders are turning investment into measurable impact.