Salvation Army Data Breach Affects Thousands of Individuals

The Salvation Army, one of the world’s largest non-profit social service organizations, experienced a data breach possibly affecting thousands of employees and over one million volunteers. The breach was a ransomware attack by the Chaos ransomware group, posted on the dark web on or around March 28, 2025, with the threat that the data would be released soon.

This type of cybersecurity incident may compromise personally identifiable information (PII) which could include names, dates of birth, Social Security numbers, contact information, and other sensitive employee and volunteer data.

Salvation Army's response

In addition to the required state and federal disclosures, Salvation Army will work to identify and then notify affected employees and volunteers with the data breach details.

If you believe your personal information may have been compromised in this breach:

• Carefully review any notice or communication you receive from Salvation Army.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.

To learn more about the organization, visit the Salvation Army’s official site.