Urssaf Hit by Major Cyberattack Affecting 1.2 Million in France
France’s social charges body, Urssaf, has disclosed a significant cyberattack targeting the Pajemploi service, which facilitates payments to childminders. The breach, detected on November 14, may have exposed the personal data of up to 1.2 million employees of private employers using the platform.
Compromised data includes:
- Full names
- Dates and places of birth
- Addresses
- Social security numbers
- Bank names
- Pajemploi and accreditation numbers
Urssaf confirmed that bank account details (IBANs), email addresses, phone numbers, and login passwords were not accessed. The agency acted swiftly to contain the breach, reporting the incident to France’s data protection authority (CNIL), the national cybersecurity agency, and filing a criminal complaint.
While the Pajemploi system remains operational, Urssaf warned of potential phishing scams as hackers may sell the stolen data to fraudsters. Scammers could impersonate officials, using the leaked information to deceive victims into urgent, fraudulent actions.
Affected individuals will be contacted directly by Urssaf, which has set up a dedicated email (pajemploi.donnees.personnelles@urssaf.fr) and phone line (0809 541 896) for inquiries. The agency continues to investigate the breach and reinforce its security measures.
Urssaf Caisse nationale cybersecurity rating report: https://www.rankiteo.com/company/urssaf-caisse-nationale
"id": "URS1773973471",
"linkid": "urssaf-caisse-nationale",
"type": "Breach",
"date": "11/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '1.2 million employees of '
'private employers',
'industry': 'Social Security / Childcare Payments',
'location': 'France',
'name': 'Urssaf (Pajemploi service)',
'type': 'Government Agency'}],
'customer_advisories': 'Affected individuals contacted directly; dedicated '
'email and phone line provided',
'data_breach': {'number_of_records_exposed': '1.2 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (Personally Identifiable '
'Information)',
'type_of_data_compromised': ['Full names',
'Dates and places of birth',
'Addresses',
'Social security numbers',
'Bank names',
'Pajemploi and accreditation '
'numbers']},
'date_detected': '2023-11-14',
'description': 'France’s social charges body, Urssaf, disclosed a significant '
'cyberattack targeting the Pajemploi service, which '
'facilitates payments to childminders. The breach may have '
'exposed the personal data of up to 1.2 million employees of '
'private employers using the platform.',
'impact': {'data_compromised': 'Personal data of up to 1.2 million employees',
'identity_theft_risk': 'High due to exposure of sensitive personal '
'data',
'operational_impact': 'Pajemploi system remains operational',
'payment_information_risk': 'None (IBANs not accessed)',
'systems_affected': 'Pajemploi service'},
'initial_access_broker': {'data_sold_on_dark_web': 'Potential (not '
'confirmed)'},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'corrective_actions': 'Reinforcing security '
'measures'},
'recommendations': 'Affected individuals advised to be cautious of phishing '
'scams',
'references': [{'source': 'Urssaf Public Disclosure'}],
'regulatory_compliance': {'regulatory_notifications': ['CNIL (France’s data '
'protection authority)',
'National '
'cybersecurity '
'agency']},
'response': {'communication_strategy': 'Direct contact with affected '
'individuals, dedicated email and '
'phone line',
'containment_measures': 'Swift action to contain the breach',
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Yes (criminal complaint filed)',
'remediation_measures': 'Reinforcing security measures'},
'stakeholder_advisories': 'Potential phishing scams warned',
'title': 'Urssaf Cyberattack Affecting Pajemploi Service',
'type': 'Data Breach'}