Skip to main content
A mouse cursor pointing to a "security" icon on a computer screen

CHP 11-99 Foundation Data Breach in California: Your Legal Rights Explained | The Lyon Firm

Written by Joseph Lyon on . Posted in Data Breach.

Members of the CHP 11-99 Foundation—a charitable organization dedicated to supporting California Highway Patrol officers and their families—now find themselves victims of a preventable cybersecurity incident. This breach raises serious questions about how the foundation handled sensitive donor and member information. Contact our data breach lawyers to learn more and to start minimizing your privacy risks

How the CHP 11-99 Breach Unfolded

The breach originated with what should have been a routine security check. On September 16, 2025, a vigilant foundation staff member received a suspicious email and forwarded it to their external service provider’s help desk for verification. Instead of containing the threat, the help desk’s response inadvertently enabled cybercriminals to compromise the employee’s entire email account.

The attack went undetected for over a week. The foundation only discovered the breach on September 24, 2025, when the same hacker attempted to use the compromised email account to launch a phishing attack against the very help desk that had initially responded to the security concern. The irony is striking—the organization’s security vendor only detected the intrusion when they themselves became the target.

This delay in detection allowed hackers unfettered access to years of sensitive member and donor information.

What Member Information Was Exposed?

The investigation revealed that attackers had complete access to the compromised email account, including all folders and attached documents. Based on the foundation’s disclosure to the California Attorney General, the exposed information potentially includes:

  • Membership application forms containing personal details
  • Payment information from merchandise purchases
  • Financial data from donation transactions
  • Names, addresses, and contact information
  • Potentially Social Security numbers and driver’s license data
  • Credit card and banking details

For an organization that exists to support law enforcement families, this security failure represents a particularly troubling breach of trust. Members who joined to contribute to a worthy cause now face potential identity theft and financial fraud.

Delayed Notification Compounds the Problem

Perhaps more concerning than the breach itself is the timeline of disclosure. The incident occurred on September 16, 2025, but affected individuals didn’t receive notification until January 2026—more than four months later. This delay is especially problematic given California’s new data breach notification requirements that took effect January 1, 2026.

Under California’s updated law, organizations must now notify affected individuals within 30 days of discovering a breach. While the CHP 11-99 Foundation breach occurred before this stricter deadline took effect, the lengthy delay still raises questions about whether the organization acted with appropriate urgency.

The longer victims go without notification, the more opportunity criminals have to exploit stolen information before protective measures can be implemented.

Understanding Your Legal Rights as a Breach Victim

California has some of the strongest consumer privacy protections in the nation. Organizations that collect and store personal information have a legal duty to implement reasonable security measures to safeguard that data. When they fail in this responsibility, they can be held accountable for resulting harm.

Victims of the CHP 11-99 Foundation data breach may have grounds to pursue compensation for:

  • Costs of credit monitoring beyond any complimentary period offered
  • Time spent monitoring accounts and addressing fraudulent activity
  • Expenses related to identity theft recovery
  • Unauthorized charges or fraudulent transactions
  • Anxiety, stress, and loss of privacy
  • Diminished value of personal information now in criminal hands

Why The Lyon Firm Is Your Best Choice for Data Breach Justice

At The Lyon Firm, we recognize that data breaches affect real people, not just statistics in a database. Your membership in the CHP 11-99 Foundation came from a desire to support California’s highway patrol officers and their families. You shouldn’t be punished for that generosity with years of identity theft worry.

Our data breach attorneys have extensive experience holding organizations accountable when they fail to protect the personal information entrusted to them. We understand the technical aspects of cybersecurity incidents, the legal obligations organizations must meet, and how to prove when those duties have been breached.

Don’t let the CHP 11-99 Foundation’s security failure dictate your financial future. Contact The Lyon Firm today for a completely free, no-obligation consultation. Call now or visit our website to speak with an experienced data breach attorney who will fight to protect your rights and secure the compensation you deserve.