Pajemploi data breach exposes personal information of 1.2 million childcare workers

Pajemploi, a French social security service that supported parents and home-based childcare providers, suffered a data breach that exposed personal information belonging to as many as 1.2 million individuals. The incident affected professional caregivers employed by private households that used Pajemploi, a service operated under URSSAF, the national agency that collected social security contributions.

The cyberattack was detected on November 14 and involved the theft of confidential data tied to employees working for private employers. The compromised information included full names, places of birth, postal addresses, Social Security numbers, banking institution names, Pajemploi identification numbers, and accreditation numbers. Bank account numbers, email addresses, phone numbers, and account passwords remained secure and were not accessed during the intrusion.

Pajemploi began notifying each affected person individually. The breach did not disrupt the agency’s operations, and services such as salary payments and processing of employer declarations continued without interruption.

After discovering the intrusion, the organization took immediate steps to halt the attack and secure its information systems. The French Data Protection Authority (CNIL) and the National Agency for the Security of Information Systems (ANSSI) were notified.

URSSAF urged individuals to exercise increased vigilance due to the heightened risk of fraudulent emails, text messages, or phone calls that could leverage the stolen data.

No ransomware group claimed responsibility for the attack at the time of publication. France continued to face a wave of large-scale cybersecurity incidents in recent months. In March 2024, France Travail, the public agency responsible for registering unemployed individuals and assisting job seekers, experienced a breach that exposed the personal information of 43 million people. Over the same weekend as the Pajemploi incident, Eurofiber France disclosed that hackers infiltrated its network on November 13 and stole customer data from its ticket management platform.