The Salvation Army is sending data breach letters to victims of a May 2025 data breach that leaked their names, Social Security numbers, and driver’s license numbers.
“On or about May 24, 2025, we detected a network security incident, in which an unauthorized third-party accessed our network environment,” says the letter (PDF), which was posted by the Vermont attorney general and dated August 27, 2025. “Our investigation, which concluded on August 8, 2025, determined that an unauthorized third party acquired certain individual personal information during this incident.”
Ransomware group Chaos claimed responsibility for the data breach at the end of May. In a post on its data leak site, Chaos says, “Data will be released soon.”
The Salvation Army has not verified Chaos’ claim. We do not know how many people the Salvation Army notified, if the Salvation Army paid a ransom, how much Chaos demanded, or how attackers breached the Salvation Army’s network. Comparitech contacted the Salvation Army for comment and will update this article if it replies.
The Salvation Army is offering eligible victims 12 months of free credit monitoring through TransUnion. Coincidentally, TransUnion today reported a data breach of its own that compromised the personal information of 4.4 million people.
Who is Chaos?
Chaos is a ransomware gang that first surfaced in 2021 but didn’t start claiming victims on its data leak site until March 2025. The group attacks both individuals and organizations through drive-by-downloads and phishing. It employs a double-extortion scheme in which organizations are extorted both for stolen data and to restore infected systems.
Chaos has taken credit for three other confirmed ransomware attacks and made eight more unconfirmed claims that haven’t been publicly acknowledged by the targeted organizations.
Other than the Salvation Army, Chaos’ other two confirmed attack claims include:
- Optima Tax Relief notified 3,114 people of a May 2025 data breach
- IES Communications notified 6,241 people of a March 2025 data breach
Ransomware attacks can lock down computer systems and steal data. Infected organizations must pay a ransom or face extended downtime, permanent data loss, and putting data subjects at increased risk of fraud.
Ransomware attack statistics
In 2025 to date, Comparitech researchers have logged 632 confirmed ransomware attacks compromising 28.8 million records. The average ransom demand is $1.7 million.
The Salvation Army is not the first ransomware attack on a charitable organization. Earlier this year, Welthungerhilfe, a German non-profit aid organization, received a $2.15 million ransom demand from ransomware group Rhysida.
We’ve recorded another 3,955 unconfirmed attack claims made by ransomware groups this year so far that haven’t been acknowledged by the targeted organizations.
About the Salvation Army
Headquartered in London, the Salvation Army is a Christian international charity. It reports having 1.7 million members across 133 countries who run charity shops, homeless shelters, disaster relief, and humanitarian aid.
