The Vermont Roman Catholic Diocese is one of a dozen U.S. religious entities that have filed for bankruptcy whose digital information — potentially including confidential sex abuse claims — was exposed in a cyberattack.

The California-based Berkeley Research Group had been hired to collect allegations of Vermont clergy misconduct when it discovered a data breach in early March, the firm said in court papers filed in Burlington.

The Wall Street Journal reported that a hacker impersonating an information technology worker got inside the company’s computer system and installed ransomware.

Berkeley Research Group confirmed in court papers that it paid an undisclosed settlement to an unidentified “threat actor” and received a “destruction log” that showed “any data exfiltrated during the incident was deleted and will not be disclosed.”

U.S. Bankruptcy Court in Burlington has scheduled a hearing on the issue for June 24.

According to the company, the 12 Catholic entities involved in the breach include the Vermont diocese; California’s Franciscan Friars and its dioceses of Oakland, San Diego, San Francisco and Santa Rosa; the Louisiana archdiocese of New Orleans; the Maryland diocese of Baltimore; and the New York dioceses of Albany, Ogdensburg, Rochester and Rockville Centre.

Berkeley Research Group has not disclosed what information was stolen from each diocese, but said “there is no indication that this crime was targeted” because the breach also involved its business clients.

The firm said it couldn’t elaborate because of an ongoing FBI criminal investigation, but noted it was monitoring the internet and dark web and had yet to find any signs of leaks.

Lawyers representing more than 100 Vermont accusers declined to say whether they knew of or believed that any private data was compromised. But they noted the cyberattack occurred a month before an April 4 court deadline for filing abuse reports, so the company may not have held any of the state’s confidential claims at that time.

The Vermont diocese referred questions to its attorneys, Fredrikson & Byron of Minnesota, who didn’t respond to requests for comment.

The U.S. Department of Justice’s Trustee Program, which oversees bankruptcy cases nationwide, has filed court papers noting the potential release of any “sensitive and confidential” information was “very concerning.”

The Vermont diocese is the nation’s40th Catholic entity to seek Chapter 11 protection because of clergy misconduct as far back as 1950.

As part of the process, the Burlington court placed all sex abuse lawsuits on hold and invited accusers to file confidential claims as potential creditors. A total of 118 people submitted new allegations either just before or after the data breach — almost double the number who previously settled cases over the past two decades.

This story was republished with permission from VtDigger, which offers its reporting at no cost to local news organizations through its Community News Sharing Project. To support this work, please visit vtdigger.org/donate.