In January, Insight Partners suffered a social engineering attack (a form of cyber attack) resulting in a data breach where hackers stole sensitive personal and financial information. The compromised data included details about the firm’s funds, management companies, and portfolio companies, as well as banking and tax information. Additionally, personal information of current/former employees and limited partners (investors) was exposed. The breach was reviewed by August, but the company has not disclosed the number of affected individuals, whether an extortion demand was made, or if a ransom was paid. Insight Partners, managing over $90 billion in assets, is a high-profile venture capital firm investing in major cybersecurity companies like Databricks and Wiz. The incident follows similar attacks on other venture firms, such as Advanced Technology Ventures (ransomware, 2021) and Sequoia Partners (data breach, 2021).
TPRM report: https://www.rankiteo.com/company/insight--partners
"id": "ins5202652090925",
"linkid": "insight--partners",
"type": "Cyber Attack",
"date": "6/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown (limited partners, '
'employees, portfolio companies)',
'industry': 'Financial Services / Private Equity',
'location': 'Global (HQ: New York, USA)',
'name': 'Insight Partners',
'size': '$90B+ assets under management',
'type': 'Venture Capital Firm'}],
'attack_vector': 'Social Engineering',
'data_breach': {'data_exfiltration': 'Confirmed',
'personally_identifiable_information': 'Yes (employees, '
'limited partners)',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Identifiable '
'Information (PII)',
'Financial Data (banking, tax)',
'Business/Investment Data']},
'date_detected': '2024-01',
'date_publicly_disclosed': '2024-08',
'description': 'Venture capital firm Insight Partners disclosed a data breach '
'in January, where hackers stole personal '
'information—including banking and tax details—of limited '
'partners, employees, and portfolio companies via a social '
'engineering attack. The breach was reviewed by August, but '
'details such as the number of affected individuals, extortion '
'demands, or ransom payments remain undisclosed. The firm has '
'$90B+ in assets under management and invests in major '
'cybersecurity companies like Databricks and Wiz.',
'impact': {'brand_reputation_impact': 'Potential (undisclosed)',
'data_compromised': ['Personal Information (employees, limited '
'partners)',
'Banking Information',
'Tax Information',
'Fund/Management/Portfolio Company Data'],
'identity_theft_risk': 'High (PII and financial data exposed)',
'payment_information_risk': 'High (banking details compromised)'},
'initial_access_broker': {'entry_point': 'Social Engineering',
'high_value_targets': ['Limited Partners',
'Portfolio Companies',
'Financial Data']},
'investigation_status': 'Completed (internal review by August 2024)',
'motivation': ['Data Theft', 'Potential Extortion'],
'post_incident_analysis': {'root_causes': 'Social engineering attack (details '
'undisclosed)'},
'ransomware': {'data_exfiltration': 'Yes'},
'references': [{'source': 'TechCrunch', 'url': 'https://techcrunch.com'},
{'date_accessed': '2024-08',
'source': 'Insight Partners Statement'}],
'response': {'communication_strategy': 'Limited disclosure; notifications '
'sent to affected individuals',
'incident_response_plan_activated': 'Yes (review completed by '
'August 2024)'},
'stakeholder_advisories': 'Notifications sent to affected limited partners '
'and employees',
'title': 'Insight Partners Data Breach via Social Engineering Attack',
'type': 'Data Breach'}