Skip to content
Data breachContained

Leak at Pajemploi

In November 2025, Pajemploi — the Urssaf service used by French households to declare and pay childcare workers — disclosed a data theft affecting up to 1.2 million employees, exposing names, social security numbers, dates/places of birth, postal addresses and Pajemploi/accreditation numbers.

Victim
Pajemploi
records
1.2M

On 17 November 2025, Pajemploi — the Urssaf-run public service French households use to declare and pay registered childcare assistants and in-home nannies — disclosed that it had been the victim of a data theft. The breach affected the personal data of employees (the childcare workers themselves), not their employers, with up to 1.2 million people potentially concerned.

The way the attackers gained access to the system has not been publicly disclosed. Urssaf stated that the incident had no impact on the operation of the Pajemploi service and did not disrupt the processing of declarations or salary payments.

The exposed data was limited to identity and administrative records. According to Urssaf, the following categories were potentially extracted:

  • First and last name
  • Social security number
  • Date and place of birth
  • Postal address
  • Name of the banking institution
  • Pajemploi number and accreditation (agrément) number

Crucially, Urssaf confirmed that bank account numbers (IBAN), email addresses, phone numbers and login passwords were not compromised.

Urssaf notified France's data-protection authority (CNIL) and the national cybersecurity agency (ANSSI), launched an internal investigation and indicated that a criminal complaint would be filed. Affected individuals were to be contacted individually and urged to remain vigilant against potential identity-theft and fraud attempts.

Sources

  1. urssaf.frhttps://www.urssaf.fr/accueil/actualites/pajemploi-vol-de-donnees.html
  2. franceinfo.frhttps://www.franceinfo.fr/economie/emploi/vol-de-donnees-1-2-million-d-usagers-de-pajemploi-concernes_7622711.html
  3. usine-digitale.frhttps://www.usine-digitale.fr/article/chez-l-urssaf-le-service-pajemploi-victime-d-un-vol-de-donnees-concernant-jusqu-a-1-2-million-de-salaries.N2241519
  4. journaldugeek.comhttps://www.journaldugeek.com/2025/11/17/pajemploi-victime-dun-vol-massif-de-donnees-faites-vous-partie-des-12-million-de-salaries-concernes/

Related incidents

Data breachUnknown

Leak at justice.fr

On 22 December 2025 a database attributed to the French justice system (justice.fr) recirculated online, exposing personal, professional and banking data — including IBAN/BIC — of 1,100+ magistrates, judges, lawyers and judicial staff.

Victim
justice.fr
Data breachContained

Leak at the French Ministry of Sports

On 19 December 2025 France's Ministry of Sports confirmed a breach of a system tied to the Pass'Sport aid scheme, exposing data on about 3.5 million households — names, dates of birth, contact details, social security, INE and CAF numbers — published on a criminal forum.

Victim
French Ministry of Sports
Data breachContained

Leak at the French Ministry of the Interior

In December 2025, attackers compromised professional email accounts at France's Ministry of the Interior and accessed sensitive police files including the TAJ criminal-records and FPR wanted-persons databases; the ministry confirmed a few dozen files were exfiltrated while attackers claimed data on 16.4 million people.

Victim
French Ministry of the Interior