Berkeley Research Group suffers data breach

Berkeley Research Group (BRG), an Emeryville, CA-headquartered management consulting firm, has suffered a cyberattack, according to a Bloomberg report.

BRG identified the breach on March 2 and received several ransomware notices, sources told Bloomberg. The hacker claimed they had stolen data from BRG’s systems and had encrypted files within the network.

The consulting firm has hired Octillo Law, a data security firm, and Booz Allen Hamilton’s cyber team to manage the data breach, according to a document viewed by Bloomberg.

BRG is in the process of selling a majority equity stake to TowerBrook Capital Partners. The acquisition is being financed with a $700-million leveraged loan sale led by Royal Bank of Canada alongside several other banks. It is expected to close in April.

BRG, TowerBrook, Octillo, and Booz Allen did not provide Bloomberg with a comment.

Ransomware payouts reached $813.5 million in 2024, down 35% from $1.25 billion in 2023, according to data from Chainalysis.

Consulting firms are premier targets for hackers because they handle large volumes of sensitive client data from large corporates and government entities. Though larger consultancies are harder targets than smaller firms because of their vaster cybersecurity resources, firms such as Deloitte (2016) and EY (2023) have nonetheless suffered significant breaches.

Smaller firms that contract with government agencies are particularly juicy targets because they have access to sensitive data and lack major cyber resources.

Hackers last year stole as many as 341,650 social security numbers through a data breach at Greylock McKinnon Associates, a Boston-based provider of economic and litigation consulting.