Venture capital firm Insight Partners has notified over 12,000 individuals that their personal data was stolen in a ransomware attack that occurred in mid-October 2024.
Why it matters: The breach exposed sensitive information, including banking and tax details, as well as personal data of current and former employees, limited partners, and information related to Insight Partners’ funds, management companies, and portfolio companies.
The details:
- Hackers gained access to Insight Partners’ network through a sophisticated social engineering attack around October 25, 2024.
- The threat actors exfiltrated data from the affected servers and began encrypting them on January 16, 2025, at approximately 10:00 a.m. EST.
- Insight Partners manages over $90 billion in assets and has invested in more than 800 software and technology startups worldwide.
- The company is mailing formal notification letters to all individuals whose data was impacted, offering complimentary credit or identity monitoring services.
What they’re saying:
- “Formal notification letters are being mailed to all individuals whose data was impacted, including complimentary credit or identity monitoring services. Please note that, if you have not received a notification letter by the end of September 2025, then we have determined your personal data was not impacted by the incident,” the company stated.
- Kristen Zeck, a spokesperson for Insight Partners, did not respond to inquiries about the attack prior to publication.
The background: Other venture firms, such as Advanced Technology Ventures and Sequoia Partners, have faced similar cyberattacks in recent years, where hackers accessed personal information of limited partners.
What’s next: Insight Partners recommends affected individuals sign up for complimentary protection services, change all enterprise and personal passwords, enable multi-factor authentication, and consider placing a freeze on their credit reports. As of now, no ransomware gangs have claimed responsibility for the attack, and there is no evidence that the stolen files have been misused.
