The Salvation Army, one of the world’s largest non-profit social service organizations, experienced a data breach possibly affecting thousands of employees and over one million volunteers. The breach was a ransomware attack by the Chaos ransomware group, posted on the dark web on or around March 28, 2025, with the threat that the data would be released soon.
The organization discovered the cybersecurity incident on May 24, 2025. An investigation was launched and on Aug. 8, 2025 it was determined that personally identifiable information (PII) was compromised in the data breach.
Exposed information included names, Social Security numbers, driver's license numbers and dates of birth. The Salvation Army began notifying affected individuals by mail on Aug. 27, 2025. The data breach was also disclosed to the Massachusetts, New Hampshire and Vermont Attorney Generals' offices between Aug. 27, 2025 and Aug. 29, 2025.
In addition to the required state and federal disclosures, Salvation Army is offering impacted individuals 12 months of free single-bureau credit monitoring services. The organization has also notified law enforcement.
If you believe your personal information may have been compromised in this breach:
To learn more about the organization, visit the Salvation Army’s official site.
A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.
This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure. ExpressVPN is offering 61% off, risk-free for 30 days, with ID Theft Insurance included and no extra cost for those who sign up for one or two years.