In recent legal filings, Berkeley Research Group LLC (BRG) has denied any liability in relation to a data breach that resulted in the exposure of sensitive information from 12 bankrupt Catholic dioceses. The firm, acting as a financial adviser to creditor committees representing clergy sex abuse victims in multiple Catholic diocese bankruptcies, is adamantly defending its security measures as “reasonable and adequate.” These statements were made in response to criticism from a Department of Justice unit, which characterized BRG’s actions during the breach as “deficient” and “inconsistent.”
This legal defense comes on the heels of BRG’s discovery of a ransomware attack on its systems, which was detected in late February. During the incident, a threat actor was able to infiltrate the firm’s network, accessing data pertaining to various bankrupt Catholic groups. Despite the breach, BRG contends that there is no conflict of interest that would warrant disqualification from its role in advising the creditor committees.
These court papers, filed on May 23, act as a formal rebuttal to the government attorneys’ suggestion of disqualification, maintaining that the ransomware incident does not impair BRG’s capability to continue its representation duties. The firm’s defense raises critical questions regarding the allocation of responsibility in cybersecurity breaches and the extent to which consulting firms can be held liable for third-party malicious activities.
For further insights and developments on this ongoing legal battle, you can read more about the consulting firm’s stance here.