At a time when the world is talking about hidden threats to cyber security in agentic AI browsers, instances of data thefts keep rolling by. Some companies announce it and then seek recourse while others fix things before sharing the instance. The latest in this case is venture capital firm Insight Partners who notified a data breach and updated it with a review report.
The company had notified people connected to the company that personal information was stolen by hackers back in January this year. They revealed an “unauthorized third party” had accessed “certain Insight information systems through a sophisticated social engineering attack” and that teams were working on fixes.
Nearly five months later, the VC firm planned to notify affected people on a rolling basis about the data theft that includes personal information about current and former staff and those related to their limited partners – investors who provide capital to the company’s venture funds. Data about some funds, management companies, and portfolio companies were also said to be compromised.
Why the five month delay to acknowledge?
It took the company five months to openly acknowledge that their data was compromised during the cyberattack that struck them on January 16. At that time, the VC firm had attributed the hack to what they called a “sophisticated social engineering attack” without actually sharing any evidence for the same.
Now, Insight Partners has updated an earlier statement from February to suggest that they had completed the review of the attack in August of the data breach. “On August 21, 2025, our eDiscovery vendor completed its analysis of the impacted data, identifying the individuals whose personal data was impacted and the scope of that information,” it said.
Additionally, the company has also filed a formal data breach notification with the attorney general of California which indicates that hackers actually broke in during mid-October last year into their human resources system. The detailed PDF says hackers removed data from the company’s servers and began encrypting the systems – a sign of a ransomware attack.
In another notification to the attorney general of Maine, the company said the ransomware attack has impacted more than 12,600 people though there was no information in either of these filings about the specific nature of personal data that was lost. Given that the company manages over $90 billion in assets, these filings appear lacking in transparency.
The first step to tackling cybercrime is transparency
Of course, in an earlier statement, the company had shared that the stolen data included details about Insight Partner funds, management companies and portfolio companies. In addition, their statement said hackers also stole banking and tax data, personal information of unnamed investors, as well as past and present employees.
There were no details about how the company managed what was highly likely to have been a ransomware attack. Typically in such cases, the victim pays up for a security breach in order to get their systems back in operation. In recent times, several venture firms have witnessed cyber attacks including Sequoia Partners and AT Ventures in 2021.
During those two instances, the companies had come clean quickly. While Advanced Technology Ventures admitted to the attack within less than a month of the ransomware attack, Sequoia Partners confirmed the cyber crime early, acknowledging that a phishing attack on an employee’s email had led to the breach.
About the author: Raj is a movie buff, a sports enthusiast and a gadget user. But hardly a tech writer. His focus is on de-jargonizing technology for the simple and uncluttered minds. He studies the business of technology and seeks to cut the clutter. He can be reached at [email protected]).
