Daniel Payne reports:
The U.S. Department of Justice says a recent data breach of a California consulting firm exposed data of Catholic clergy abuse survivors in nearly a dozen bankruptcy lawsuits.
In a May 6 letter addressed to attorneys at law firm Proskauer Rose LLP, the Justice Department’s Nan Eitel, the associate general counsel for Chapter 11 practice in the Executive Office for United States Trustees, said that late last month multiple government trustees received notice of a data breach at Berkeley Research Group (BRG).
The Emeryville, California-based BRG offers corporate finance and economic consulting, including to Catholic dioceses in bankruptcy proceedings. The government’s letter said the data breach had occurred on March 2 but that trustees were only first informed on April 28.
Read more at Catholic News Agency.
On March 6, Bloomberg reported that BRG had suffered a cyberattack:
Berkeley Research Group suffered a cyberattack last week, according to people with knowledge of the matter, just as banks have been looking to wrap up a debt sale that would finance the consulting firm’s buyout by TowerBrook Capital Partners.
The firm discovered its systems had been breached on March 2, and received several ransomware notices from a hacker, according to the people, who asked not to be identified discussing a private transaction. The hacker claimed they had taken data from BRG’s systems and had encrypted files within its network, the people added.
BRG has hired data-security firm Octillo Law as well as Booz Allen Hamilton Inc.’s cyber team to deal with the breach, according to a notice sent to the company’s prospective loan investors and seen by Bloomberg News.
But while Bloomberg reported the news, it seems that BRG wasn’t notifying its clients promptly, with some claiming that they were not notified until April 28.
No ransomware gang has publicly claimed responsibility for this attack, and reading the government’s letter to Proskauer Rose, it seems clear that the government is very concerned about — and unhappy with — BRG’s incident response. Reporting by WSJ this week indicates the Proskauer Rose is representing the firm in court.
WSJ‘s report provides some additional details on the attack:
In its notification letters, BRG said the hacker accessed the data by posing as an internal IT worker on Microsoft Teams to log on to a worker’s laptop. Once inside the system, the hacker deployed a variant of Chaos ransomware and demanded payment in return for deleting stolen data, the firm said.
The firm said it paid the hacker an undisclosed amount.
After the payment was made, the hacker provided a “destruction log” and stated that any data gathered in the attack “has since been deleted and will not be disclosed further,” BRG said. To date, the firm said, it has “not detected any evidence of the distribution of any implicated materials.”
As always, DataBreaches reminds people that a criminal’s claims of data destruction should not be believed.
Read more at WSJ.