Payactiv

Payactiv, a provider of Earned Wage Access (EWA) and financial wellness services, suffered a data breach after detecting suspicious network activity. An investigation confirmed that a cybercriminal accessed and viewed sensitive personal information stored in its systems. The breach, discovered and reviewed by September 12, 2025, exposed critical data of several thousand users, including names, contact details, dates of birth, Social Security numbers, health/medical information, and financial account numbers. The compromised data poses significant risks of identity theft and fraud for affected individuals. Payactiv reported the incident to the Vermont Attorney General’s office on October 1, 2025, and began notifying impacted users via mail. In response, the company secured its systems, involved law enforcement, and offered free credit monitoring and identity theft protection services through Epiq Privacy Solutions. Users were advised to monitor financial accounts, watch for phishing attempts, and consider fraud alerts or credit freezes.

Source: https://www.claimdepot.com/data-breach/payactiv-2025

TPRM report: https://www.rankiteo.com/company/payactiv-inc-

"id": "pay3594735100225",
"linkid": "payactiv-inc-",
"type": "Breach",
"date": "9/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"

{'affected_entities': [{'customers_affected': 'Several thousand (exact number '
                                              'undisclosed)',
                        'industry': 'Financial Services (Earned Wage Access & '
                                    'Financial Wellness)',
                        'name': 'Payactiv',
                        'type': 'Private Company'}],
 'customer_advisories': 'Notified via mail; offered free credit monitoring and '
                        'identity theft protection (Epiq Privacy Solutions).',
 'data_breach': {'data_exfiltration': 'Likely (data was accessed and viewed by '
                                      'cybercriminal)',
                 'number_of_records_exposed': 'Several thousand (exact number '
                                              'undisclosed)',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High (includes SSNs, health, and '
                                        'financial data)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Protected Health Information '
                                              '(PHI)',
                                              'Financial Information']},
 'date_publicly_disclosed': '2025-10-01',
 'description': 'Payactiv, a leading provider of Earned Wage Access (EWA) and '
                'financial wellness services, experienced a data breach where '
                'a cybercriminal accessed and viewed personal information '
                'stored within its systems. Exposed information may include '
                'names, contact information, dates of birth, Social Security '
                'numbers, health information, medical information, and '
                'financial account numbers, putting affected individuals at '
                'risk for identity theft and fraud.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'exposure of sensitive personal data',
            'data_compromised': ['Names',
                                 'Contact information',
                                 'Dates of birth',
                                 'Social Security numbers',
                                 'Health information',
                                 'Medical information',
                                 'Financial account numbers'],
            'identity_theft_risk': 'High (due to exposure of SSNs, financial, '
                                   'and health data)',
            'payment_information_risk': 'High (financial account numbers '
                                        'exposed)'},
 'investigation_status': 'Completed (review finalized on 2025-09-12)',
 'recommendations': ['Sign up for free credit monitoring and identity theft '
                     'protection services (Epiq Privacy Solutions).',
                     'Monitor credit reports and financial accounts for '
                     'unusual activity.',
                     'Be alert for phishing attempts using exposed '
                     'information.',
                     'Consider placing a fraud alert or credit freeze with '
                     'major credit bureaus.'],
 'references': [{'source': 'Payactiv Official Website'},
                {'date_accessed': '2025-10-01',
                 'source': "Vermont Attorney General's Office Disclosure"}],
 'regulatory_compliance': {'regulatory_notifications': 'Disclosed to Vermont '
                                                       "Attorney General's "
                                                       'office; state and '
                                                       'federal disclosures '
                                                       'made'},
 'response': {'communication_strategy': 'Notified impacted individuals by '
                                        'mail; disclosed to Vermont Attorney '
                                        "General's office",
              'containment_measures': 'Secured its systems (specifics '
                                      'undisclosed)',
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True},
 'threat_actor': 'Cybercriminal',
 'title': 'Payactiv Data Breach',
 'type': 'Data Breach'}