New York-based venture capital and private equity firm Insight Partners is notifying thousands of individuals whose personal information was stolen in a ransomware attack.
The company disclosed the cybersecurity incident in February, when it said that a threat actor gained access to its network following a “sophisticated social engineering attack.”
Two months later, Insight Partners confirmed that the attackers had also stolen sensitive data during the breach, including banking and tax information, personal information of current and former employees, information related to limited partners, as well as fund, management company, and portfolio company information.
"Formal notification letters are being mailed to all individuals whose data was impacted, including complimentary credit or identity monitoring services. Please note that, if you have not received a notification letter by the end of September 2025, then we have determined your personal data was not impacted by the incident," it said in a subsequent statement.
While no ransomware gangs have yet claimed responsibility, Insight Partners revealed in breach notifications filed with California's attorney general on Monday and first spotted by TechCrunch, that the threat actors breached its network in October and encrypted servers on January 16 after exfiltrating data.
"Insight Partners' investigation into the incident determined that, on or around October 25, 2024, a threat actor successfully used a sophisticated social engineering attack to gain access to the affected servers," the company said.
"Once inside, the threat actor began exfiltrating data from these servers, and beginning at or around 10:00 a.m. EST on January 16, 2025, began encrypting these servers."
In a filing with Maine's attorney general this week, the company also disclosed that the resulting data breach affects 12,657 individuals.
Insight Partners manages over $90 billion in regulatory assets and has invested in more than 800 software and technology startups worldwide throughout its 30-year history.
An Insight Partners spokesperson has not yet responded to several requests for comment from BleepingComputer regarding the incident.
Picus Blue Report 2025 is Here: 2X increase in password cracking
46% of environments had passwords cracked, nearly doubling from 25% last year.
Get the Picus Blue Report 2025 now for a comprehensive look at more findings on prevention, detection, and data exfiltration trends.
Related Articles:
Panama Ministry of Economy discloses breach claimed by INC ransomware
Lovesac confirms data breach after ransomware attack claims
MATLAB dev says ransomware gang stole data of 10,000 people
Nissan confirms design studio data breach claimed by Qilin ransomware
DaVita says ransomware gang stole data of nearly 2.7 million people
Original Article Published at Bleeping Computer
________________________________________________________________________________________________________________________________
