Venture capital giant Insight Partners has confirmed that a sophisticated ransomware attack resulted in the theft of personal data belonging to over 12,600 individuals. The breach, which targeted the firm’s internal human resources systems, compromised sensitive information of employees, former staff, and limited partners—the high-net-worth investors who provide the capital for the firm’s venture funds.
Timeline of the Security Breach
According to formal filings with the California Attorney General, unauthorized actors gained entry to Insight’s HR infrastructure in mid-October 2024. The attackers successfully exfiltrated data from company servers before deploying encryption software on January 16, 2025, a classic signature of a ransomware operation.
Insight Partners formally acknowledged the incident in a statement released on September 4, characterizing the entry point as a “social engineering attack.” The firm confirmed the scope of the incident in a separate notice provided to the Maine Attorney General.
Data Compromised and Financial Impact
While the specific nature of every stolen record remains undisclosed, the company previously confirmed that the stolen data includes:
- Banking and tax information.
- Personal records of current and former employees.
- Sensitive investor details regarding management companies and portfolio funds.
Insight Partners, which manages over $90 billion in assets, has remained silent regarding whether it received an extortion demand or if any payment was made to the threat actors to prevent the release of the stolen data. The firm has declined to provide further comment on the specifics of the incident.
A Growing Trend in Venture Capital
The breach places Insight Partners among a growing list of prominent venture capital firms targeted by cybercriminals. The industry has seen several high-profile incidents in recent years, including the 2021 ransomware attack on Advanced Technology Ventures and a significant data breach at Sequoia Partners. These incidents highlight the increasing vulnerability of firms that manage substantial capital and hold extensive personal financial data.
The irony of the situation is notable, as Insight Partners maintains an extensive portfolio of cybersecurity companies, including industry leaders such as Databricks and Wiz.