Data breach may have exposed information of New Orleans sex abuse survivors

A cybersecurity incident at a consulting firm working with the Archdiocese of New Orleans may have compromised sensitive information belonging to sexual abuse survivors, according to recent court documents.

Berkeley Research Group (BRG), a California-based consultancy firm, confirmed it was the victim of a ransomware attack in late February 2025. The attack potentially resulted in the exfiltration of data connected to the Archdiocese of New Orleans case

BRG is currently working with professional data experts to determine the scope of the breach. Investigators are assessing whether the stolen data included "any identifiable information, even if it is just a name, relating to individuals involved in the subject case... or any information subject to a protective order or confidentiality agreement"

No details are disclosed about the nature of the attack or any impacted data or individuals. If it's confirmed that data of survivors of sexual abuse, has been exposed, it could lead to additional trauma and privacy violations for individuals who have already experienced significant harm.

The Archdiocese of New Orleans released a brief statement acknowledging the incident: "This data breach is gravely concerning to us. We defer any further comment directly to BRG or to Mr. Stang who retained the firm."

Update - as of 9th of May 2025, a report from BRG indicates that at least 12 Catholic entities across several states were impacted by the breach, including: 

• California’s Franciscan Friars and its dioceses of Oakland, San Diego, San Francisco and Santa Rosa;
• The Louisiana archdiocese of New Orleans;
• The Maryland diocese of Baltimore;
• The New York dioceses of Albany, Ogdensburg, Rochester and Rockville Centre.
• The Vermont Roman Catholic Diocese

The company has paid an undisclosed ransom and received a "destruction log" claiming stolen data was deleted. The FBI continues investigating this breach.