"The data breach notification letter doesn't say what data the hackers managed to grab. However, an earlier public statement from Insight said the stolen data included information about certain Insight funds, management companies, and portfolio companies, along with banking and tax records. Personal information relating to current and former employees and limited partners - the wealthy backers of Insight's venture funds - was also taken."
"The disclosure came in a letter filed with Maine's Attorney General this week, marking the first time Insight has publicly acknowledged that the incident involved data-encrypting malware. According to the filing, attackers gained access to servers used by the HR and finance teams on or around 25 October 2024. They quietly exfiltrated data before kicking off encryption at around on January 16, 2025 - the point at which Insight's IT team detected the intrusion and booted them out."
"Insight manages more than $90 billion in assets and backs a long list of tech and cybersecurity companies, including Twitter, Wiz, Hootsuite, SentinelOne, and Recorded Future. The VC giant says it has mailed notification letters to all affected individuals and is offering complimentary credit or identity monitoring services. The company says it has also "implemented necessary security measures to re-secure affected systems and to prevent similar occurrences in the future", which included rebuilding affected systems, patching the misconfiguration that let the miscreants in, and beefing up internal defenses to stop it from happening again."
Insight Partners experienced a ransomware attack that compromised personal data for more than 12,000 individuals, including current and former employees and limited partners. Attackers accessed HR and finance servers around 25 October 2024, exfiltrated data quietly, and began encrypting files on January 16, 2025, prompting detection and removal by Insight's IT team. Stolen material reportedly included information on Insight funds, management and portfolio companies, and banking and tax records. Insight mailed notification letters, offered complimentary credit or identity monitoring, rebuilt affected systems, patched a misconfiguration, and strengthened internal defenses. The attacker identity, demands, and any payment were not disclosed.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]