The Salvation Army is notifying victims of a May 2025 data breach that leaked names, Social Security Numbers, and driver’s license numbers. Ransomware group Chaos claimed responsibility for the data breach at the end of May. The Salvation Army has not verified Chaos’ claim.
Commenting on this is Paul Bischoff, Consumer Privacy Advocate at Comparitech:
“Chaos is a ransomware gang that first surfaced in 2021 but didn’t start claiming victims on its data leak site until March 2025. The group attacks both individuals and organizations through drive-by-downloads and phishing. It employs a double-extortion scheme in which organizations are extorted both for stolen data and to restore infected systems. Chaos has taken credit for three other confirmed ransomware attacks and made eight more unconfirmed claims that haven’t been publicly acknowledged by the targeted organizations.”
“In 2025 to date, Comparitech researchers have logged 632 confirmed ransomware attacks compromising 28.8 million records. The average ransom demand is $1.7 million. The Salvation Army is not the first ransomware attack on a charitable organization. Earlier this year, Welthungerhilfe, a German non-profit aid organization, received a $2.15 million ransom demand from ransomware group Rhysida. We’ve recorded another 3,955 unconfirmed attack claims made by ransomware groups this year so far that haven’t been acknowledged by the targeted organizations.”
This is particularly bad as the victims in this case are kind of vulnerable and are more likely to be victims of secondary attacks that are launched by threat actors. Hopefully these victims are in a place where they are not taken advantage of.
Like this:
Like Loading...
Related
This entry was posted on August 29, 2025 at 11:43 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
The Salvation Army notifies victims of data breach that leaked Social Security Numbers
The Salvation Army is notifying victims of a May 2025 data breach that leaked names, Social Security Numbers, and driver’s license numbers. Ransomware group Chaos claimed responsibility for the data breach at the end of May. The Salvation Army has not verified Chaos’ claim.
Commenting on this is Paul Bischoff, Consumer Privacy Advocate at Comparitech:
“Chaos is a ransomware gang that first surfaced in 2021 but didn’t start claiming victims on its data leak site until March 2025. The group attacks both individuals and organizations through drive-by-downloads and phishing. It employs a double-extortion scheme in which organizations are extorted both for stolen data and to restore infected systems. Chaos has taken credit for three other confirmed ransomware attacks and made eight more unconfirmed claims that haven’t been publicly acknowledged by the targeted organizations.”
“In 2025 to date, Comparitech researchers have logged 632 confirmed ransomware attacks compromising 28.8 million records. The average ransom demand is $1.7 million. The Salvation Army is not the first ransomware attack on a charitable organization. Earlier this year, Welthungerhilfe, a German non-profit aid organization, received a $2.15 million ransom demand from ransomware group Rhysida. We’ve recorded another 3,955 unconfirmed attack claims made by ransomware groups this year so far that haven’t been acknowledged by the targeted organizations.”
This is particularly bad as the victims in this case are kind of vulnerable and are more likely to be victims of secondary attacks that are launched by threat actors. Hopefully these victims are in a place where they are not taken advantage of.
Share this:
Like this:
Related
This entry was posted on August 29, 2025 at 11:43 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.