Payactiv Data Breach Exposes Sensitive User Data of 176k People

Published

October 2, 2025

Updated

October 16, 2025

Payactiv

Types of INFORMATION affected

Names
Social Security Numbers
Dates of Birth
Addresses
Government IDs
Medical Info
Financial Info

On April 3, 2025, Payactiv, a national provider of earned wage access and financial wellness services, experienced a cybersecurity incident that exposed sensitive consumer information. The breach, which continued until Aug. 20, 2025, was the result of unauthorized access to Payactiv’s network.

According to disclosures filed with the California, Maine, Montana, New Hampshire, Oregon, Texas, Washington, Massachusetts and Vermont Attorneys General, the company discovered unusual activity in its systems and, after a thorough investigation, determined on Sept. 12, 2025, that an unauthorized actor had viewed personal information stored within its network.

The types of information exposed in this incident included personally identifiable information (PII), such as names, Social Security numbers, addresses, and potentially other financial information. Payactiv began notifying affected individuals by mail on Sept. 29, 2025.

The cyberattack impacted at least 176,282 Payactiv users. Affected individuals includes 10,973 Texas residents, 118 in Maine, 18,085 Washington residents, 288 in Massachusetts, 174 in Montana and 54 in New Hampshire.

Payactiv's response

Upon discovering the breach, Payactiv immediately activated its incident response protocols and engaged third-party cybersecurity experts to investigate and contain the incident. The company also notified law enforcement to assist with the ongoing investigation.

To support those affected, Payactiv is offering complimentary credit monitoring and identity theft protection services through Epiq – Privacy Solutions ID. Impacted individuals are eligible for a free twelve or twenty-four month membership, which includes triple bureau credit monitoring, credit reports, credit scores, and proactive fraud assistance. Enrollment instructions and activation codes were provided directly to affected consumers.

Given the nature of the breach, it is important for those affected to remain vigilant. Payactiv encourages impacted individuals to:

Monitor account statements and credit reports for unauthorized activity
Consider placing a fraud alert or security freeze with the major credit bureaus
Take advantage of the free identity theft protection services offered
Report any suspected identity theft to the Federal Trade Commission, state Attorney General, and local law enforcement