© 2025 WYPR

Church abuse survivors in Baltimore still unsure if cyber attack reached them

Members of Maryland’s chapter of Survivors Network of those Abused by Priests held a news conference on May 8, 2023 outside of the Archdiocese of Baltimore. (Kaitlin Newman/The Baltimore Banner)

A financial advisory firm working on the Baltimore Catholic Archdiocese’s bankruptcy case says it still has not informed alleged sexual abuse victims that their names and other data may have been compromised by a data breach nearly three months after the attack.

Berkeley Research Group was targeted by hackers on March 3, and says it is still investigating whose information may have been exposed.

BRG acts as a financial advisor for the Official Committee of Unsecured Creditors in the bankruptcy of the Archdiocese of Baltimore. It also advises nine other committees in other religious organization cases across the nation.

“BRG believed it was important that the Incident Notices be filed simultaneously,” Timothy Karcher, counsel for BRG, wrote in a letter to the court. “BRG also recognized that the risk of providing potentially incomplete or inaccurate information, with less clarity, on a faster timeline, was significantly outweighed by the benefit of developing a firmer, more accurate understanding of the impact to the subject cases and stakeholders before filing the incident notices.”

BRG stated in the letter that it paid a settlement to the hackers and received a destruction log to show that information was not leaked.

The company immediately contacted the FBI when it realized it had been hacked.

In the letter, BRG is trying to make the case that it should not be penalized for the hack and its response.

“BRG respectfully rejects any suggestion of liability,” Karcher wrote. “BRG was the victim of the ransomware attack, not the perpetrator. To reiterate — BRG was the victim of a crime.”

However, victim advocates say the hack could further traumatize survivors and that BRG should have been responsible for its own cybersecurity.

The breach is particularly troublesome because survivors have the option to remain publicly anonymous due to the sensitivity of sexual assault allegations.

“Although such a large-scale data breach would be of concern to the United States Trustee in any bankruptcy case, that the breach occurred in archdiocesan and diocesan cases—where the claims information of sexual abuse survivors is the most sensitive and confidential of all information—is very concerning,” Nan Roberts Eitel, associate general counsel for Chapter 11 Practice for the U.S. Trustees Program, wrote in a letter to BRG.

The Baltimore Archdiocese filed for bankruptcy in fall 2023, right before the Child Victims Act went into effect.

There are as many as 1,000 claimants who are filing against the church for abuse that stems back decades.

Scott is the Health Reporter for WYPR. @smaucionewypr