Data Breach Summary
On March 2, 2025, Berkeley Research Group (BRG), a California-based consulting firm, identified a significant cybersecurity breach that compromised sensitive data related to various Catholic diocesan and archdiocesan bankruptcy proceedings, in which the firm served as a financial advisor. The breach has raised serious concerns regarding the exposure of personal information belonging to individuals who allegedly suffered sexual abuse at the hands of catholic clergy members.
According to The Wall Street Journal, the Berkeley Research Group data breach, which is believed to have occurred between occurred between February 28 and March 2, 2025, involved a hacker posing as an IT staffer to deploy Chaos ransomware, ultimately demanding—and receiving—a ransom in exchange for allegedly destroying stolen data. However, experts caution that cybercriminals’ claims of data destruction “should not be believed.”
Subsequently, BRG paid an undisclosed ransom amount, receiving a “destruction log” from the hacker, who claimed that all stolen data had been deleted and would not be disclosed further. However, BRG has not detected any evidence of data distribution.
While the full extent of the breach is still under investigation, BRG has acknowledged that the compromised data of those affected by the data breach may include:
Names
Social Security numbers
Dates of birth
Addresses
Government-issued identification numbers (e.g., driver’s license, passport)
Medical information
Health insurance details
Financial account information (e.g., bank account numbers, credit/debit card details)
BRG’s involvement in bankruptcy proceedings for dioceses in cities such as New Orleans, Baltimore, and San Francisco has heightened concerns about the exposure of sensitive information. The compromised data includes confidential details about individuals who allegedly suffered sexual abuse, their identities, and aspects of their claims. The U.S. Department of Justice has expressed alarm over the breach, emphasizing the sensitivity of the information involved and questioning BRG’s delayed notification to affected parties.
If your personal information has been breached, it’s important to take immediate and proactive steps to minimize the potential impact and protect yourself from identity theft or fraud. Here are some general actions that you should consider taking:
Monitor Credit Reports: Check your credit reports regularly for suspicious activity.
Place a Fraud Alert or Credit Freeze: Set up a fraud alert or freeze your credit to prevent unauthorized access.
Monitor Financial Accounts: Review bank and credit card statements for unfamiliar transactions.
Watch for Phishing Scams: Be cautious of unsolicited requests for personal information.
Change Passwords: Update passwords for online accounts and use strong, unique ones.
Enable Two-Factor Authentication: Add an extra layer of security to online accounts.
Review Health and Insurance Info: Check for fraudulent charges if health data was exposed.
If you were impacted by the Berkeley Research Group data breach, you may have the right to seek compensation for the potential harm caused. Class Action U is dedicated to helping data breach victims connect with skilled attorneys who specialize in this area of law and can guide you through the legal process.
Individuals whose personal information was exposed may have valid grounds to join a class action lawsuit, allowing them to pursue restitution.
If your data was compromised, you could be entitled to compensation for:
Loss of privacy
Time spent resolving the breach
Out-of-pocket expenses
Emotional distress
By pursuing a class action lawsuit, you not only have the opportunity to recover damages but also help hold Berkeley Research Group accountable, potentially prompting them to strengthen their security measures. Reach out to Class Action U today to find out if you qualify for a data breach class action and learn more about the compensation you may be entitled to.
©2024 ClassActionU
