Data Breach Hits Pajemploi Service Impacting Up to 1.2 Million Users

On November 14, 2025, the Pajemploi service, which facilitates declarations and payments for childminders and home-based childcare providers, experienced a major data breach potentially exposing personal information of up to 1.2 million employees, according to Urssaf's announcement on November 17. The compromised data includes sensitive details such as names, birth dates and places, postal addresses, social security numbers, bank institution names, Pajemploi registration numbers, and approval numbers. Critically, no banking account numbers, email addresses, phone numbers, or login passwords were affected by this breach.

Urssaf, the organization managing Pajemploi, clarified that the incident is limited exclusively to the Pajemploi service and did not impair its operational functionality or the processing of salary declarations and payments. They have reported the breach to the National Commission for Information Technology and Civil Liberties (CNIL) and the National Cybersecurity Agency of France (ANSSI), and intend to file a criminal complaint with the public prosecutor.

In response, Urssaf has expressed its apologies for this violation of data confidentiality and pledged to strengthen its security measures to protect entrusted information better. The organization also advised all users to remain vigilant to potential fraud attempts via emails, SMS, or phone calls in the aftermath of this incident.

Pajemploi serves as a critical platform simplifying how parents employ registered childminders or babysitters by handling salary declarations, making the breach a significant concern for affected families and workers. Fortunately, the breach was detected promptly, and the vulnerability has been resolved without causing service disruptions.

According to Le Figaro and Libération, Urssaf's proactive disclosure aims to ensure transparency and support for users potentially impacted by this unprecedented breach.