Insight Partners: Insight Partners Confirms Ransomware Hit 12,600+ People

Insight Partners Hit by Months-Long Ransomware Attack, Exposing Data of 12,600 Individuals

Insight Partners, a $90 billion venture capital firm backing cybersecurity leaders like Wiz and Databricks, confirmed a ransomware attack that compromised sensitive data from over 12,600 individuals. The breach, disclosed in filings with the California attorney general, unfolded between October 2024 and January 2025, revealing a prolonged and stealthy operation.

Attackers first infiltrated Insight’s human resources systems in mid-October 2024, spending months exfiltrating data before deploying ransomware on January 16, 2025. The stolen information includes banking and tax records, personal details of current and former employees, and data on limited partners private, high-net-worth investors who typically prioritize confidentiality.

The breach is particularly notable given Insight’s portfolio, which includes some of the most security-focused companies in tech. The firm’s investments in Databricks ($43 billion valuation) and Wiz (which rejected a $23 billion acquisition offer from Google in 2025) underscore the irony of the attack.

Insight attributed the breach to a "social engineering attack," suggesting hackers manipulated employees into granting access rather than exploiting technical vulnerabilities. The incident highlights persistent risks in cybersecurity, even for firms with deep expertise in the field.

Source: https://www.techbuzz.ai/articles/insight-partners-confirms-ransomware-hit-12-600-people

Insight Partners, LLC cybersecurity rating report: https://www.rankiteo.com/company/insightpartnersllc

"id": "INS1770616456",
"linkid": "insightpartnersllc",
"type": "Ransomware",
"date": "1/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'customers_affected': '12,600 individuals',
                        'industry': 'finance, investment',
                        'name': 'Insight Partners',
                        'size': '$90 billion in assets under management',
                        'type': 'venture capital firm'}],
 'attack_vector': 'social engineering',
 'data_breach': {'data_encryption': 'yes (ransomware deployment)',
                 'data_exfiltration': 'yes',
                 'number_of_records_exposed': '12,600',
                 'personally_identifiable_information': 'yes',
                 'sensitivity_of_data': 'high',
                 'type_of_data_compromised': ['banking records',
                                              'tax records',
                                              'personal details',
                                              'limited partner data']},
 'date_detected': '2025-01-16',
 'description': 'Insight Partners, a $90 billion venture capital firm backing '
                'cybersecurity leaders like Wiz and Databricks, confirmed a '
                'ransomware attack that compromised sensitive data from over '
                '12,600 individuals. The breach, disclosed in filings with the '
                'California attorney general, unfolded between October 2024 '
                'and January 2025, revealing a prolonged and stealthy '
                'operation. Attackers first infiltrated Insight’s human '
                'resources systems in mid-October 2024, spending months '
                'exfiltrating data before deploying ransomware on January 16, '
                '2025. The stolen information includes banking and tax '
                'records, personal details of current and former employees, '
                'and data on limited partners (private, high-net-worth '
                'investors who typically prioritize confidentiality). The '
                'breach is particularly notable given Insight’s portfolio, '
                'which includes some of the most security-focused companies in '
                'tech. The firm’s investments in Databricks ($43 billion '
                'valuation) and Wiz (which rejected a $23 billion acquisition '
                'offer from Google in 2025) underscore the irony of the '
                "attack. Insight attributed the breach to a 'social "
                "engineering attack,' suggesting hackers manipulated employees "
                'into granting access rather than exploiting technical '
                'vulnerabilities.',
 'impact': {'brand_reputation_impact': "notable given the firm's portfolio in "
                                       'cybersecurity',
            'data_compromised': 'banking and tax records, personal details of '
                                'current and former employees, data on limited '
                                'partners (private, high-net-worth investors)',
            'identity_theft_risk': 'high',
            'payment_information_risk': 'high',
            'systems_affected': 'human resources systems'},
 'initial_access_broker': {'entry_point': 'human resources systems',
                           'high_value_targets': 'limited partners, '
                                                 'high-net-worth investors',
                           'reconnaissance_period': 'mid-October 2024 to '
                                                    'January 2025'},
 'post_incident_analysis': {'root_causes': 'social engineering attack'},
 'ransomware': {'data_encryption': 'yes', 'data_exfiltration': 'yes'},
 'references': [{'source': 'California attorney general filings'}],
 'regulatory_compliance': {'regulatory_notifications': 'filed with California '
                                                       'attorney general'},
 'title': 'Insight Partners Hit by Months-Long Ransomware Attack, Exposing '
          'Data of 12,600 Individuals',
 'type': 'ransomware'}