Berkeley Research Group Data Breach Affects 6k People: Social Security Numbers Exposed

On March 2, 2025, Berkeley Research Group, (BRG), a global management consulting firm, detected suspicious activity within its internal network. An investigation revealed that an unauthorized actor gained access to and copied files containing sensitive information between Feb.28, 2025 and March 2, 2025.

The cyberattack compromised both personally identifiable information (PII) and protected health information (PHI). The types of information exposed include name, address, date of birth, Social Security number, tax identification number, passport number, driver’s license number or government ID, financial and bank account information (sometimes with PIN, security code or login credentials), payment card number (sometimes with additional details), username and password, medical information and health insurance information.

According to disclosures, the data breach affected at least 6,083 individuals. Berkeley Research Group published a Notice of Data Incident on its website and reported the incident to the U.S. Department of Health and Human Services.

The cybersecurity incident was reported to multiple state authorities, including the California, Maine, Massachusetts, Washington, Vermont, Iowa, New Hampshire, Texas and Oregon Attorney Generals' offices beginning on Oct. 30, 2025. BRG also notified affected individuals by mail.

The wide range of sensitive person and financial information exposed, along with the confirmed exfiltration of data by a cybercriminal, puts individuals at risk of identity theft and fraud.

Berkeley Research Group's response

After discovering the breach, BRG took systems offline, engaged with data security professionals and notified law enforcement. In addition to requires state and federal disclosures, the company is providing 24 months of free Kroll identity monitoring services to impacted individuals. This includes credit monitoring, fraud consultation and identity theft restoration.

If you receive a data breach notice from Berkeley Research Group, you may want to:

• Sign up for the free identity monitoring services, offered by the company.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

The company established a toll-free assistance line for individuals with questions at (866) 291-2114 Monday through Friday from 9am through 6:30pm Eastern Time.