Cyber Incident Victim: Berkeley Research Group
Date: Mar 2025
Location: United States of America
Summary
Berkeley Research Group suffered a cyberattack after discovering its systems had been breached and receiving ransomware notices from a threat actor who claimed to have taken and encrypted data. The firm enlisted Octillo Law and Booz Allen Hamilton’s cyber team to assist with restoration, analysis, and returning unencrypted data to service, noting it holds comprehensive cyber insurance. The incident occurred as banks were finalizing a $700 million leveraged loan sale intended to finance Towerbrook Capital Partners’ majority equity investment in the consulting firm, with commitments moved earlier and some prospective buyers expressing concern about potential business disruption. The firm advises clients on tax, arbitration, bankruptcy and related matters, including work with the US‑based operator of Forever 21 as it prepares for a possible bankruptcy filing.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Berkeley Research Group discovered that its systems had been breached on March 2, 2025, after noticing unusual activity and receiving several ransomware notices from an unidentified hacker. The hacker claimed to have exfiltrated data from BRG’s network and to have encrypted files within the environment. In response, BRG engaged the data‑security firm Octillo Law and the cyber team from Booz Allen Hamilton to assist with incident response. According to a memo sent to prospective loan investors and viewed by Bloomberg News, the BRG IT team worked around the clock with substantial support from Booz Allen to restore the network, analyze how the attack was carried out, and return to service any data that had not been encrypted by the threat actor. The memo noted that BRG carries comprehensive cyber insurance, although it did not specify the types of data affected or the overall scope of the compromise. Neither BRG nor its hired consultants provided public comment on the incident when approached.

The cyberattack occurred as a group of banks led by the Royal Bank of Canada was marketing a $700 million leveraged loan intended to finance Towerbrook Capital Partners’ acquisition of a majority equity stake in BRG, a deal announced the previous month and expected to close in April according to Moody’s Ratings. The loan commitments, priced at 3.25 percentage points above the Secured Overnight Financing Rate, were originally due on March 6 but were moved up to March 5 at 12 p.m. New York time following the breach. On the Monday immediately after the attack, the syndicate asked prospective investors to decide by Wednesday whether they would purchase the loan, and BRG informed those investors of the cyber incident on that Wednesday, around the time the loan was due. Some of the prospective buyers expressed concern that the attack could disrupt BRG’s business operations. BRG continues to advise clients on tax, arbitration and bankruptcy matters, including the US‑based operator of Forever 21 as it prepares for a potential bankruptcy filing, and previously served as adviser to Conn’s Inc., which filed for bankruptcy protection in the prior year.
The article places the BRG incident in a broader context of rising ransomware threats, noting that ransomware groups received roughly $813.5 million in payments from victims in 2024, down from a record $1.25 billion in 2023 according to Chainalysis. It references the heightened law‑enforcement focus on ransomware after the 2021 Colonial Pipeline breach that caused fuel shortages across the United States. British and American authorities had, a year before the article’s publication, seized websites and servers linked to the LockBit ransomware group, which has been associated with attacks on Boeing, the UK Royal Mail and the Industrial & Commercial Bank of China. The piece also cites the June 2024 cyberattack on CDK Global, a major software provider for US car dealerships, which forced the shutdown of all its systems, disrupted roughly 15,000 dealerships, led to ransom demands in the tens of millions of dollars and triggered federal lawsuits alleging exposure of personal consumer data. These examples are provided to illustrate the potential scale and consequences of ransomware incidents for companies similar to BRG.
