Berkeley Research Group (BRG), a global consulting firm, suffered a ransomware attack in February 2025 by the Chaos ransomware gang, compromising sensitive data of 6,083 individuals, including Catholic clergy sex abuse survivors. The breach exposed names, Social Security numbers, tax IDs, financial/bank details (PINs, security codes, login credentials), payment card data, usernames, passwords, medical/health insurance records, and government-issued IDs (passports, driver’s licenses). BRG paid an undisclosed ransom to Chaos, which employs double extortion (demanding payment for data destruction and system restoration). The attack occurred between February 28 and March 2, 2025, with unauthorized access detected during an internal investigation. Victims were offered 24 months of free identity monitoring via Kroll. The breach highlights severe risks of identity theft, financial fraud, and reputational damage, given the highly sensitive nature of the exposed data, including legal and medical records linked to vulnerable groups.
TPRM report: https://www.rankiteo.com/company/berkeley-research-group-llc
"id": "ber1892818103125",
"linkid": "berkeley-research-group-llc",
"type": "Ransomware",
"date": "2/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': 6083,
'industry': ['Professional Services', 'Consulting'],
'location': {'headquarters': 'Emeryville, California, '
'USA',
'offices': '40 global offices'},
'name': 'Berkeley Research Group (BRG)',
'size': '1,600+ employees',
'type': 'Consulting Firm'},
{'location': 'USA',
'name': 'Catholic Clergy Sex Abuse Survivors (via US '
'Department of Justice)',
'type': 'Individuals'}],
'attack_vector': ['Phishing', 'Drive-by-Downloads'],
'customer_advisories': ['24 months of free identity monitoring via Kroll'],
'data_breach': {'data_encryption': True,
'data_exfiltration': True,
'number_of_records_exposed': 6083,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (PII, financial, medical, and '
'government ID data)',
'type_of_data_compromised': ['Names',
'Social Security numbers',
'Tax ID numbers',
'Financial/bank account info '
'(including PINs, security '
'codes, login credentials)',
'Payment card numbers and '
'details',
'Usernames',
'Passwords',
'Medical info',
'Health insurance info',
'Government-issued ID numbers '
'(passport, driver’s license, '
'etc.)']},
'date_detected': '2025-03-02',
'date_publicly_disclosed': '2025-05-01',
'description': 'Berkeley Research Group (BRG) confirmed a ransomware attack '
'in February 2025 that compromised sensitive personal and '
'financial data of 6,083 individuals, including Catholic '
'clergy sex abuse survivors. The attack was attributed to the '
'Chaos ransomware group, and BRG paid an undisclosed ransom. '
'The breach exposed names, Social Security numbers, tax IDs, '
'financial/bank account details (including PINs and login '
'credentials), payment card information, usernames, passwords, '
'medical/health insurance data, and government-issued IDs. BRG '
'detected suspicious activity on March 2, 2025, and determined '
'the unauthorized access occurred from February 28 to March 2, '
'2025.',
'impact': {'brand_reputation_impact': True,
'data_compromised': True,
'downtime': True,
'identity_theft_risk': True,
'operational_impact': True,
'payment_information_risk': True,
'systems_affected': True},
'initial_access_broker': {'high_value_targets': ['Financial data',
'PII',
'Medical/health insurance '
'data']},
'investigation_status': 'Completed (as of May 2025 disclosure)',
'motivation': ['Financial Gain', 'Data Theft', 'Extortion'],
'post_incident_analysis': {'corrective_actions': ['Identity monitoring for '
'victims']},
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransom_paid': True,
'ransomware_strain': 'Chaos'},
'references': [{'source': 'Comparitech'},
{'source': 'Berkeley Research Group (BRG) Notice to Victims'},
{'source': 'US Department of Justice'}],
'regulatory_compliance': {'regulatory_notifications': ['US Department of '
'Justice (for Catholic '
'clergy sex abuse '
'survivors)']},
'response': {'communication_strategy': ['Notice to victims',
'Public disclosure'],
'containment_measures': ['Investigation launched immediately '
'upon detection'],
'incident_response_plan_activated': True,
'recovery_measures': ['24 months of free identity monitoring for '
'victims via Kroll'],
'third_party_assistance': ['Leading data security and privacy '
'professionals',
'Kroll (for identity monitoring)']},
'stakeholder_advisories': ['Notice to 6,083 affected individuals'],
'threat_actor': 'Chaos Ransomware Group',
'title': 'Berkeley Research Group Data Breach (February 2025)',
'type': ['Data Breach', 'Ransomware Attack']}