Major venture capital firm Insight Partners just confirmed that hackers stole personal data from over 12,600 people during a sophisticated ransomware attack that began in October and culminated in January. The breach exposed sensitive information about employees, limited partners, and portfolio companies at the $90 billion investment giant behind cybersecurity unicorns Wiz and Databricks.
The venture capital world just got a harsh reminder that no one's immune to cyber threats. Insight Partners, the $90 billion investment powerhouse behind some of today's biggest cybersecurity companies, has confirmed that hackers pulled off a sophisticated months-long attack that compromised sensitive data from over 12,600 people.
The timeline reveals just how patient these attackers were. According to California attorney general filings, the hackers first broke into Insight's human resources systems sometime in mid-October 2024. They then spent months quietly exfiltrating data before making their move on January 16, 2025, when they began encrypting systems - the telltale sign of a ransomware operation.
What makes this particularly striking is the treasure trove of sensitive information the attackers accessed. The stolen data includes banking and tax information, personal details of current and former employees, and most significantly, information about Insight's limited partners - the typically private, unnamed investors who provide capital to venture funds. These are often ultra-high-net-worth individuals and institutions who value their privacy above almost everything else.
Insight Partners' portfolio reads like a who's who of the cybersecurity world, making the irony impossible to ignore. The firm has invested in Databricks, the data analytics giant valued at $43 billion, and Wiz, the cloud security company that famously turned down Google's $23 billion acquisition offer earlier this year. The firm's investments span across some of the most security-conscious companies in tech.
The attack methodology - what Insight described as a "social engineering attack" in their September 4 statement - suggests the hackers likely tricked employees into providing access credentials rather than exploiting technical vulnerabilities. It's a reminder that human factors often remain the weakest link in even the most sophisticated security setups.
Insight's disclosure comes at a time when venture firms are increasingly becoming targets. The firm joins a growing list of investment giants that have fallen victim to cyberattacks. Silicon Valley's Advanced Technology Ventures suffered a ransomware attack in 2021, while Sequoia Capital disclosed a data breach the same year that exposed limited partner information.
