Payactiv Data Breach Exposes Sensitive User Data

On April 3, 2025, Payactiv, a national provider of earned wage access and financial wellness services, experienced a cybersecurity incident that exposed sensitive consumer information. The breach, which continued until Aug. 20, 2025, was the result of unauthorized access to Payactiv’s network.

According to disclosures filed with the Vermont and Montana Attorneys General, the company discovered unusual activity in its systems and, after a thorough investigation, determined on Sept. 12, 2025, that an unauthorized actor had viewed personal information stored within its network.

The types of information exposed in this incident included personally identifiable information (PII), such as names, addresses, and potentially other sensitive data elements. As of the most recent reports, at least 174 individuals in Montana were affected, with the total number of impacted consumers likely higher nationwide due to Payactiv’s broad client base. There is no indication that protected health information (PHI) was involved.

The breach was officially disclosed to the Vermont Attorney General’s office on Oct. 1, 2025, and to the Montana Attorney General’s office on Sept. 29, 2025.

Payactiv's response

Upon discovering the breach, Payactiv immediately activated its incident response protocols and engaged third-party cybersecurity experts to investigate and contain the incident. The company also notified law enforcement to assist with the ongoing investigation.

To support those affected, Payactiv is offering complimentary credit monitoring and identity theft protection services through Epiq – Privacy Solutions ID. Impacted individuals are eligible for a free twelve or twenty-four month membership, which includes triple bureau credit monitoring, credit reports, credit scores, and proactive fraud assistance. Enrollment instructions and activation codes were provided directly to affected consumers.

Given the nature of the breach, it is important for those affected to remain vigilant. Payactiv encourages impacted individuals to:

• Monitor account statements and credit reports for unauthorized activity
• Consider placing a fraud alert or security freeze with the major credit bureaus
• Take advantage of the free identity theft protection services offered
• Report any suspected identity theft to the Federal Trade Commission, state Attorney General, and local law enforcement

Contact information for the credit bureaus and additional guidance on protecting against identity theft were included in the official notice to consumers, which is available in PDF format at the bottom of this page.