CNA reports that the U.S. Department of Justice (DOJ) states that recent data breach of a California consulting firm exposed data of Catholic clergy abuse survivors in nearly a dozen bankruptcy lawsuits. In a May 6 letter, which is embedded below and originally appeared on Catholic News Agency, the DOJ informs a law firm about the breach involving Berkeley Research Group (BRG):
On April 28, 2025, multiple United States Trustees began receiving a BRG “Incident Update” (not an “update” but the first notice) that alerted them for the first time that BRG had suffered a cybersecurity incident and data breach discovered almost two months earlier, on March 2, that affected multiple chapter 11 cases (“affected cases”) and the security of data maintained by BRG in its role as a financial advisor to official committees in those cases. Although such a largescale data breach would be of concern to the United States Trustee in any bankruptcy case, that the breach occurred in archdiocesan and diocesan cases—where the claims information of sexual abuse survivors is the most sensitive and confidential of all information—is very concerning.
The specific cases are cited in the full letter, below.
