Consulting Firm BRG Suffers Cyberattack Amid LBO Debt Sale

Article content

(Bloomberg) — Berkeley Research Group suffered a cyberattack last week, according to people with knowledge of the matter, just as banks have been looking to wrap up a debt sale that would finance the consulting firm’s buyout by TowerBrook Capital Partners.

Article content

Article content

The firm discovered its systems had been breached on March 2, and received several ransomware notices from a hacker, according to the people, who asked not to be identified discussing a private transaction. The hacker claimed they had taken data from BRG’s systems and had encrypted files within its network, the people added.

Article content

BRG has hired data-security firm Octillo Law as well as Booz Allen Hamilton Inc.’s cyber team to deal with the breach, according to a notice sent to the company’s prospective loan investors and seen by Bloomberg News.

“The BRG IT team has worked around the clock with substantial support from Booz Allen to restore the network, analyze how the attack was carried out and put the data that was not encrypted by the threat actor back into service,” the memo said. 

BRG, which has advised companies such as Forever 21 Inc., has comprehensive cyber insurance, the memo added. The document did not specify the type of data affected or the extent of the attack.

A representative for TowerBrook declined to comment. Representatives for BRG, Octillo and Booz Allen did not respond to requests for comment.

The events coincide with a $700 million leveraged loan sale that’s intended to finance TowerBrook’s purchase of a majority equity investment in BRG. That deal, announced last month, is expected to close in April, according to Moody’s Ratings.

A group of banks led by Royal Bank of Canada agreed to finance the acquisition, and started to sell the debt in the broadly syndicated market last week.

Article content

Article content

The loan is being offered at 3.25 percentage points above the Secured Overnight Financing Rate, one of the people said. RBC told potential investors on Thursday that the company will update them on the loan next week, though commitments had been due March 5, according to people with knowledge of the matter.

A representative for RBC declined to comment.

The group of banks running the deal had asked investors Monday, immediately after the attack, to make a decision on whether they would purchase the loan by Wednesday, said the people. BRG informed prospective investors of the cyberattack on Wednesday, around the time the loan was due. 

Some of the prospective buyers of the loan are concerned that the attack could disrupt BRG’s business, said some of the people.

BRG consults with clients on a variety of issues from taxes to arbitration and bankruptcy procedures. The firm is advising the US-based operator of Forever 21 as it prepares for a potential bankruptcy filing. It also served as the adviser to furniture retailer Conn’s Inc., which filed for bankruptcy protection last year with plans to shut down.

Article content

Increasing Risk

Cyberattacks and data breaches have increasingly become a risk for companies as well as hospitals and municipalities.

Ransomware is a type of malware that locks up a victim’s files, which the attackers promise to unlock for a payment. Such hackers received roughly $813.5 million in payments from victims in 2024, down from a record-setting $1.25 billion the year before, according to Chainalysis Inc., which tracks cryptocurrency transactions. 

Police around the world have sharpened their focus on ransom groups since high profile incidents like the 2021 breach at Colonial Pipeline Co. caused fuel shortages around the US. British and American authorities a year ago seized websites and servers belonging to LockBit, a cybercrime crew behind hacks on Boeing Co., the UK’s Royal Mail and the Industrial & Commercial Bank of China.

Within the high-yield market, CDK Global Inc., a major software provider for car dealers across the US, had to shut down all its systems after a cyberattack in June.

The incident caused chaos at many of the roughly 15,000 car dealerships that CDK counts as clients. A group that claimed to be responsible for the hack demanded tens of millions of dollars in ransom. Car dealerships, repair shops and consumers brought federal lawsuits against the company as the breach had exposed personal consumer data.

Article content

CDK’s attack showcases how harmful these cyber incidents can be for companies, at some points shutting their businesses down or driving consumers away. CDK has an around $4 billion leveraged loan that has been trading at around 91 cents on the dollar, according to data compiled by Bloomberg.

MoneyGram International Inc. was also subject to a cyberattack back in September. The payment services firm took out almost $400 million of leveraged loans in 2023 to finance Madison Dearborn Partners’ buyout. The debt traded down after the incident and an associated class action suit, hovering around 94 cents in October, according to data compiled by Bloomberg.

—With assistance from Aaron Weinman, Gowri Gurumurthy, Jeannine Amodeo and Jeff Stone.

(Updates with information on the loan in ninth paragraph, RBC response in 10th paragraph and separate cyberattack in last paragraph. An earlier version corrected the spelling of Booz Allen Hamilton Inc. throughout.)

Article content