Berkeley Research Group Data Breach Investigation

Shamis & Gentile P.A., one of the nation's premier class action law firms specializing in data breach cases, is investigating the Berkeley Research Group data breach.

If you were affected by the data breach, your sensitive personally identifiable information may have been exposed, and you may be eligible for compensation.

About Berkeley Research Group

Berkeley Research Group LLC, commonly known as BRG, is a global consulting firm headquartered in Emeryville, California. Founded in 2010, the company employs more than 1,600 professionals across over 40 offices worldwide, including locations throughout the United States, Asia, Australia, Canada, Latin America, the Middle East and the United Kingdom.

BRG is known for providing consulting, advisory and expert witness services to organizations and law firms. Their areas of focus include economics, disputes and investigations, corporate finance and performance improvement. The firm’s team includes industry leaders, academics, data scientists and other professionals who deliver specialized strategies and solutions for clients in sectors such as healthcare, energy, construction, technology and insurance.

The company operates under the philosophy of “Intelligence That Works,” emphasizing practical expertise and real-world application. BRG’s leadership team includes Executive Chairman David Teece, Executive Director David Kaplan and Principal Executive Officer and President Tri MacDonald, among others.

The February–March 2025 Data Breach

On March 2, 2025, Berkeley Research Group discovered suspicious activity in its network, which was later confirmed to be consistent with a ransomware attack. The investigation revealed that an unauthorized actor gained access to BRG’s systems from the evening of Feb. 28, 2025, until March 2, 2025.

During this brief window, the unauthorized party was able to copy sensitive information from BRG’s network. The company has stated they are not aware of any fraud or identity theft stemming from the incident so far, but the potential exposure is significant.

The types of consumer information that may have been exposed include:

• Name
• Address
• Date of birth
• Social Security number
• Tax identification number
• Passport number
• Driver’s license number or government ID
• Financial and bank account information (at times in combination with PIN, security code or login credentials)
• Payment card number (at times in combination with additional details)
• Username and password
• Medical information
• Health insurance information

The breach affected at least 6,083 people in the United States, including five in Massachusetts, 99 in Texas and 15 in Washington. BRG provided notice of the incident to several state and federal agencies and is offering 24 months of free identity monitoring and credit monitoring services through Kroll.

Your Rights and Next Steps

If you received a notice from Berkeley Research Group or believe your information may have been impacted, there are important steps you can take to protect yourself:

• Enroll in the free 24-month identity monitoring and credit monitoring services offered by BRG through Kroll. This service includes credit monitoring, fraud consultation and identity theft restoration.
• Monitor your credit reports regularly. Under federal law, you are entitled to one free credit report annually from each of the three major credit bureaus (Equifax, Experian and TransUnion). You can request these reports at www.annualcreditreport.com.
• Consider placing a fraud alert or security freeze on your credit file. A fraud alert warns creditors to verify your identity before opening new accounts. A security freeze prevents new credit from being issued in your name without your approval.
• Watch for suspicious activity in your financial and medical accounts. Review explanation of benefits statements from your health insurer and follow up on any unfamiliar charges or services.
• If you suspect you are a victim of identity theft, report it to law enforcement, your state attorney general and the Federal Trade Commission at www.identitytheft.gov.
• Keep all documentation related to the breach and any suspicious activity.

Lawyers are ready to help individuals who have been affected by this breach understand their legal rights and options.

You May Be Entitled to Compensation

If your personal information was exposed in the Berkeley Research Group data breach, you may be eligible for compensation. Data breach laws provide important rights to individuals whose sensitive information has been compromised. Lawyers are investigating whether BRG took adequate steps to protect consumer data and whether affected individuals are entitled to financial compensation or additional remedies.

To find out if you qualify, complete the below form to join a potential lawsuit and have your case reviewed.

Sources

• California Attorney General
• Maine Attorney General
• Massachusetts Attorney General
• Oregon Attorney General
• Washington State Attorney General
• Vermont Attorney General
• Iowa Attorney General
• New Hampshire Attorney General
• Texas Attorney General
• U.S. Department of Health and Human Services
• Berkeley Research Group Notice of Data Breach