Venture capital powerhouse Insight Partners has completed notifying its limited partners and employees about a devastating data breach that exposed sensitive financial and personal information in January. The $90 billion firm, which backs cybersecurity giants Wiz and Databricks, kept the breach under wraps for eight months while conducting its internal review.
Insight Partners just wrapped up one of the most sensitive notification processes in venture capital history. The firm confirmed it has finished alerting limited partners and employees whose data was stolen in what it describes as a "social engineering attack" that occurred in January 2025.
The timing couldn't be more awkward for the venture giant. Insight Partners manages over $90 billion in assets and has built its reputation backing some of today's biggest cybersecurity companies, including Databricks and Wiz. Now the firm finds itself on the wrong side of a breach disclosure, eight months after the initial incident.
According to Insight's earlier notice, the stolen data cuts deep into the firm's operational core. Hackers accessed information about Insight's funds, management companies, and portfolio companies. More critically, they obtained banking and tax information, plus personal details about current and former employees and the firm's limited partners.
Those limited partners represent some of the most privacy-conscious investors in the ecosystem. These typically unnamed institutional investors and high-net-worth individuals provide the capital that powers Insight's massive venture funds. Their personal information ending up in criminal hands creates both financial and reputational risks that extend far beyond typical corporate breaches.
Insight Partners has maintained radio silence on crucial details that would help assess the breach's true scope and impact. The firm hasn't disclosed how many individuals had data compromised, refused to share copies of breach notifications when requested by TechCrunch, and won't say whether hackers made extortion demands or received payments.
This opacity follows a concerning pattern in the venture world, where firms often treat breach disclosures as reputation management exercises rather than transparency obligations. The eight-month delay between the January incident and August's completed review suggests either a complex investigation or careful legal maneuvering around disclosure requirements.
