S.V.D.P. Management Inc., a San Diego-based nonprofit (501(c)(3)) providing affordable housing and support services for homeless individuals, suffered a major data breach discovered on July 29, 2025. Unauthorized actors accessed or acquired sensitive personally identifiable information (PII) between September 26, 2024, and October 12, 2024. The exposed data included names, Social Security numbers, financial account details, and driver’s license numbers of affected individuals, including at least 105 confirmed victims across Maine, Massachusetts, and Rhode Island. The breach prompted notifications to impacted parties and disclosures to multiple state Attorneys General (California, Massachusetts, Maine, Vermont). While the total scope remains undisclosed, the incident poses significant risks of identity theft, financial fraud, and long-term reputational harm to the organization and its beneficiaries. Legal investigations are underway, with affected individuals eligible for compensation, credit monitoring, and identity restoration services.
Source: https://www.claimdepot.com/investigations/st-vincent-de-paul-society-data-breach-2025
TPRM report: https://www.rankiteo.com/company/s-v-d-p-management-inc-
"id": "s-v5162151090425",
"linkid": "s-v-d-p-management-inc-",
"type": "Breach",
"date": "9/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'At least 105 (18 in Maine, 68 '
'in Massachusetts, 19 in Rhode '
'Island); total unknown',
'industry': 'Affordable Housing / Social Services',
'location': 'San Diego, California, USA',
'name': 'S.V.D.P. Management Inc. (Father Joe’s '
'Villages)',
'type': 'Nonprofit Organization'},
{'industry': 'Social Services',
'location': 'San Diego, California, USA',
'name': 'St. Vincent de Paul Village Inc.',
'type': 'Related Nonprofit Entity'}],
'customer_advisories': 'Encouraged to enroll in free credit monitoring, '
'monitor accounts, and consider legal action',
'data_breach': {'data_exfiltration': 'Likely (unauthorized access/acquisition '
'confirmed)',
'number_of_records_exposed': 'At least 105 (partial count; '
'total unknown)',
'personally_identifiable_information': ['Name',
'Social Security '
'number',
'Financial account '
'information',
'Driver’s license '
'number'],
'sensitivity_of_data': 'High (includes SSNs, financial '
'account info, driver’s license '
'numbers)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2025-07-29',
'date_publicly_disclosed': '2025-08-29',
'description': 'S.V.D.P. Management Inc. (Father Joe’s Villages), a nonprofit '
'organization based in San Diego, California, experienced a '
'data breach where unauthorized access to sensitive personally '
'identifiable information (PII) occurred between September 26, '
'2024, and October 12, 2024. The breach was discovered on July '
'29, 2025, and affected individuals were notified by mail '
'starting August 29, 2025. The exposed data includes names, '
'Social Security numbers, financial account information, and '
'driver’s license numbers. At least 105 individuals across '
'Maine, Massachusetts, and Rhode Island were confirmed as '
'impacted, though the total number of affected individuals has '
'not been disclosed. The organization offered free credit '
'monitoring and identity theft restoration services via '
'Episource.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive PII; class '
'action investigation initiated by '
'Shamis & Gentile P.A.',
'data_compromised': ['Name',
'Social Security number',
'Financial account information',
'Driver’s license number'],
'identity_theft_risk': 'High (PII including SSNs and financial '
'data exposed)',
'legal_liabilities': 'Potential lawsuits and compensation claims '
'for affected individuals; notifications to '
'California, Massachusetts, Maine, and '
'Vermont Attorneys General',
'payment_information_risk': 'High (financial account information '
'compromised)'},
'investigation_status': 'Ongoing (class action investigation by Shamis & '
'Gentile P.A.)',
'recommendations': ['Sign up for free credit monitoring (IDX via Episource)',
'Monitor financial statements for suspicious activity',
'Place a fraud alert with credit bureaus',
'Request free annual credit reports',
'Seek legal counsel for compensation claims'],
'references': [{'source': 'Shamis & Gentile P.A. Investigation Notice'},
{'date_accessed': '2025-08-29',
'source': 'S.V.D.P. Management Data Breach Notification '
'(Mail)'},
{'date_accessed': '2025-08-29 to 2025-09-03',
'source': 'California, Massachusetts, Maine, and Vermont '
'Attorneys General Disclosures'}],
'regulatory_compliance': {'legal_actions': 'Potential class action lawsuits '
'(investigation by Shamis & '
'Gentile P.A.)',
'regulatory_notifications': 'Notified Attorneys '
'General of California, '
'Massachusetts, Maine, '
'and Vermont (August 29 '
'– September 3, 2025)'},
'response': {'communication_strategy': 'Mail notifications to affected '
'individuals (starting August 29, '
'2025); disclosures to state Attorneys '
'General (California, Massachusetts, '
'Maine, Vermont)',
'incident_response_plan_activated': 'Yes (investigation '
'conducted post-discovery)',
'remediation_measures': 'Free IDX credit monitoring and identity '
'theft restoration services offered to '
'affected individuals',
'third_party_assistance': 'Episource (credit monitoring and '
'identity theft restoration services)'},
'stakeholder_advisories': 'Mail notifications to affected individuals; '
'disclosures to state Attorneys General',
'title': 'S.V.D.P. Management (Father Joe’s Villages) Data Breach',
'type': 'Data Breach'}