## Children’s Council of San Francisco Breach Exposes PHI of Over 12,000
A ransomware attack has compromised the sensitive personal data of more than 12,000 individuals connected to the Children’s Council of San Francisco. The breach, which began as a network disruption on August 3, 2025, was later confirmed to involve unauthorized access and the acquisition of protected health information (PHI), including names and Social Security numbers. The nonprofit organization has notified 12,655 affected people but has not disclosed the attackers' entry method or whether the stolen data includes information belonging to the children it serves.

Two weeks after the initial incident, the ransomware group known as SafePay listed the Children’s Council on its leak site, confirming the criminal acquisition of the data. This public claim by the threat actors intensifies the risk of identity theft and fraud for the victims, moving the event beyond a simple IT disruption to an active data extortion scenario. The organization's delayed public determination of data theft, following the initial network issue, highlights potential gaps in its initial incident response and forensic capabilities.

The exposure of Social Security numbers, a key identifier for financial fraud, places significant pressure on the nonprofit to provide robust credit monitoring and identity protection services to those affected. As a community organization handling sensitive family and child data, the breach also invites scrutiny from regulators and could undermine trust in its essential services. The involvement of a named ransomware group suggests the data may be leveraged for further attacks or sold on criminal forums, creating a prolonged tail risk for the victims long after the initial breach notification.
---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: data breach, ransomware, PHI, nonprofit, SafePay
- **Credibility**: unverified
- **Published**: 2026-04-03 21:27:14
- **ID**: 49528
- **URL**: https://whisperx.ai/en/intel/49528