Children’s Council SF Data Breach Affects 12k People

On Feb. 23, 2026, Children’s Council of San Francisco, a nonprofit in early childhood education and family support, discovered a data breach that affected 12,655 individuals across the United States, including ten people in Massachusetts, one person in Maine, and one person in New Hampshire.

The incident began on Aug. 3, 2025, when Children’s Council of San Francisco experienced a network disruption. Cybersecurity experts were engaged to investigate, and it was determined that an unknown actor had accessed and acquired certain data without authorization.

A third-party vendor was then brought in to conduct a comprehensive review of the affected data to determine the scope of personal information involved.

The breach was the result of unauthorized access to the organization’s network. On Aug. 19, 2025, the ransomware group SAFEPAY claimed responsibility for the attack, posting on the tor network that they had obtained sensitive data from the organization's network.

The breach exposed sensitive personally identifiable information including names, Social Security numbers, driver's license number, state ID number, tax identification number, USCIS/alien registration number, passport number, personal medical information, health insurance ID number, and health insurance.

Written notifications were sent to those impacted on Mar. 2, 2026. Starting on Mar. 3, 2026, the breach was also disclosed to the attorneys general offices of California, Maine, Massachusetts, New Hampshire, and Vermont.

Children’s Council of San Francisco's response

To help mitigate the risk to affected individuals, the organization is offering complimentary credit monitoring and identity theft protection services through Cyberscout, a TransUnion company. These services include proactive fraud assistance, a $1 million identity theft insurance policy, and twelve months of credit monitoring alerts.

Affected individuals are encouraged to enroll in these services within 90 days of receiving their notification letter to take full advantage of the protections offered.

Given the exposure of Social Security numbers, it is especially important for those affected to remain vigilant. Recommended actions include reviewing account statements, monitoring credit reports for suspicious activity, placing fraud alerts or security freezes with credit bureaus, and considering obtaining an IRS Identity Protection PIN to prevent tax-related identity theft.