VC firm Insight Partners says thousands of staff and limited partners had personal data stolen in a ransomware attack

Insight Partners, a leading venture capital firm, has alerted thousands of individuals, including its limited partners, about a significant data breach that has compromised their personal information. In a statement released on September 4, the firm described the incident as a 'social engineering attack' and confirmed that a thorough investigation was concluded in August following the breach. The official notification submitted to California's attorney general detailed how hackers infiltrated the company's human resources system in mid-October 2024. The breach escalated on January 16, 2025, when the attackers not only extracted data from Insight's servers but also began encrypting those systems, which is indicative of a ransomware operation. According to the notice provided to the Maine attorney general, this cyber incident has impacted over 12,600 individuals. Although specific details about the stolen information have not been disclosed, earlier statements from Insight Partners indicated that the compromised data includes sensitive information related to various Insight funds, management firms, and portfolio companies. Additionally, the breach involved the theft of banking and tax details, along with personal data belonging to both current and former employees and limited partners—typically private investors who contribute capital to the firm’s venture funds. The firm has not released further information regarding the breach, such as whether any ransom demands were made or if a payment was made to the hackers. It is known that victims of such attacks often face extortion demands aimed at preventing the publication of the stolen data. Insight Partners, which manages over $90 billion in assets, has invested in major cybersecurity firms, including Databricks and Wiz. This incident places them among several venture capital firms that have suffered similar breaches in recent years, following attacks on firms like Advanced Technology Ventures and Sequoia Partners. As of now, Insight Partners has not responded to inquiries regarding the breach from the media, leaving many questions unanswered about the extent and impact of this cyber attack.