Berkeley Research Group suffers cyberattack amid acquisition deal

Berkeley Research Group (BRG), a management consulting firm based in Emeryville, California, has fallen victim to a cyberattack, according to a recent report from Bloomberg. The breach, which was identified on March 2, involved multiple ransomware notices from an unidentified hacker who claimed to have stolen data from BRG’s systems and encrypted files within the firm’s network.

In response to the attack, BRG has enlisted the assistance of Octillo Law, a cybersecurity-focused legal firm, as well as the cyber team at Booz Allen Hamilton, a renowned consulting and security firm. Both entities are working to assess the extent of the breach and manage the potential risks associated with the compromised data. Neither BRG nor the involved cybersecurity firms have publicly commented on the situation.

The cyberattack comes at a critical time for BRG, as the firm is in the process of selling a majority equity stake to TowerBrook Capital Partners. The acquisition is being financed through a $700 million leveraged loan sale, with Royal Bank of Canada leading the transaction alongside several other financial institutions. The deal is expected to be finalized in April, though it remains unclear whether the breach will impact the transaction.

The incident underscores the growing cybersecurity threats facing consulting firms, which routinely handle sensitive corporate and government data. While larger firms with extensive cybersecurity infrastructure may present greater challenges for hackers, major consultancies such as Deloitte in 2016 and EY in 2023 have still suffered significant breaches. Smaller firms that contract with government agencies are often even more vulnerable, as they may lack the robust cybersecurity defenses of their larger counterparts.