CHP 11-99 Foundation Data Breach Exposes SSNs

On Sept. 16, 2025, the CHP 11-99 Foundation, a nonprofit organization supporting California Highway Patrol employees and their families, experienced a data breach.

The incident began when a staff member received a suspicious email and, following internal protocol, forwarded it to the foundation’s external IT service provider for inspection. The service provider mistakenly identified the email link as safe. Trusting this assessment, the staff member clicked the link, which led to a compromise of their email account.

The breach was discovered on or about Sept. 24, 2025, when the attacker used the compromised email account to attempt a phishing attack on the service provider itself. This activity triggered detection and prompted an investigation.

The attacker had full access to the staff member’s email account, including all folders and attached documents. This access exposed a wide range of sensitive information contained in membership applications, merchandise purchases and payment forms.

The types of information exposed include names, addresses, email addresses, Social Security numbers, bank and credit card information, driver’s license numbers and other personally identifiable information (PII).

Starting on Jan. 20, 2026, the incident was reported to the attorneys general offices of California and New Hampshire.

The breach affected an undisclosed number of individuals nationwide, with at least one confirmed affected individual in New Hampshire.

CHP 11-99 Foundation's response

Upon discovering the incident, the foundation began working with an incident response vendor to investigate and contain the breach. They took several steps to secure their systems, including implementing multifactor authentication, changing passwords and reviewing security protocols.

To support those affected, CHP 11-99 Foundation is offering complimentary identity monitoring services through Kroll for 12 months. This service includes credit monitoring, identity theft restoration and fraud consultation.

Individuals who may have been impacted are encouraged to activate these services promptly and remain vigilant for suspicious activity, such as phishing emails or unauthorized transactions. The foundation has provided a dedicated phone line for questions and further assistance.

Given the nature of the breach, affected individuals should carefully monitor their financial accounts and credit reports. Placing a security freeze on credit files with the major credit bureaus is also recommended to help prevent identity theft.