Venture capital firm Insight Partners has confirmed that sensitive data for employees and limited partners was stolen in a January 2025 cyberattack. Insight Partners is a prominent global venture capital and private equity firm specializing in high-growth technology, software, and internet companies, managing over $90 billion in regulatory assets. The company has significant investments in more than 800 companies worldwide, including Twitter, HelloFresh, and Veeam Software.
On 18 February 2025, Insight Partners released a statement informing clients of a cybersecurity incident that occurred on 16 January 2025, where a cyber actor accessed certain IT systems after carrying out a "sophisticated social engineering attack."[1]
Insight Partners assured stakeholders that the incident was isolated, and its duration was contained to a single day, resulting in no disruptions to its business operations. An investigation into its full scope was still underway. In an update published earlier this week, the company says it has verified a data breach with the help of experts at an eDiscovery vendor and is now working on determining who is impacted.
The data that has been exposed varies per individual and investor, and may include:
- Fund information
- Management company information
- Portfolio company information
- Banking information
- Tax information
- Personal information on current and former employees
- Information related to Limited Partners
Individuals confirmed to have had their information exposed will be notified, but Insight Partners say this will occur in waves, starting in the next few days. In the meantime, potentially impacted persons are recommended to change their personal and enterprise passwords and activate two-factor authentication (2FA) on all financial accounts. It is recommended to closely monitor financial statements and credit reports and consider placing a fraud alert or freeze.
Insight Partners has not yet been listed on any ransomware sites and extortion portals, so the type of attack and the perpetrators responsible for it are still unknown.
This article is shared at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122
[1] https://www.bleepingcomputer.com/news/security/vc-giant-insight-partners-confirms-investor-data-stolen-in-breach/
Comments