Salvation Army Data Breach Affects Thousands of Individuals

The Salvation Army, one of the world’s largest non-profit social service organizations, experienced a data breach possibly affecting thousands of employees and over one million volunteers. The breach was a ransomware attack by the Chaos ransomware group, posted on the dark web on or around March 28, 2025, with the threat that the data would be released soon.

The organization discovered the cybersecurity incident on May 24, 2025. An investigation was launched and on Aug. 8, 2025 it was determined that personally identifiable information (PII) was compromised in the data breach.

Exposed information included names, Social Security numbers, driver's license numbers and dates of birth. The Salvation Army began notifying affected individuals by mail on Aug. 27, 2025. The data breach was also disclosed to the Massachusetts, New Hampshire and Vermont Attorney Generals' offices between Aug. 27, 2025 and Aug. 29, 2025.

Salvation Army's response

In addition to the required state and federal disclosures, Salvation Army is offering impacted individuals 12 months of free single-bureau credit monitoring services. The organization has also notified law enforcement.

If you believe your personal information may have been compromised in this breach:

• Carefully review any notice or communication you receive from Salvation Army and enroll in free credit monitoring services.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.

To learn more about the organization, visit the Salvation Army’s official site.