Do Son 
Insight Partners, one of the world’s largest venture capital firms with over $90 billion in assets under management, has confirmed a breach involving the compromise of sensitive internal data following a successful cyberattack on its servers. The attackers may have gained access to information pertaining to employees, investors, partner companies, and the firm’s portfolio investments.
The incident was first detected on January 16. By February, Insight representatives disclosed that the breach resulted from a “sophisticated social engineering attack.” External cybersecurity experts were brought in to assess the scope of the compromise, and their investigation remains ongoing. This week, the company issued an updated statement confirming that the affected data may include banking and tax records, fund and portfolio company information, as well as personal data of current and former employees and limited partners — the high-net-worth individuals and institutions who provide capital to the fund.
Insight has not specified whether the compromised data was merely accessed or actively exfiltrated. It has, however, confirmed that employees and major investors have already been notified, with additional notifications to other affected parties planned in stages. Impacted individuals are advised to reset passwords, enable two-factor authentication, and consider placing a freeze on their credit reports if necessary.
Insight Partners is renowned for its investments in prominent firms such as Twitter, Wiz, Hootsuite, SentinelOne, and Recorded Future. Confidential information regarding such ventures holds immense value for competitors and could be weaponized in high-level business-targeted attacks — notably through Business Email Compromise (BEC) schemes. According to the FBI, global losses from BEC now exceed $55 billion. These attacks often begin with access to a victim’s work email or phone number, followed by impersonation of executives to fraudulently authorize transfers to attacker-controlled accounts. The more intelligence attackers possess about internal corporate operations, the more convincing their deception becomes.
The situation is further exacerbated by the widespread proliferation of deepfake technologies. Last year, the U.S. Federal Communications Commission issued warnings about the rising use of fabricated audio clips. In one notorious case in Hong Kong, scammers deceived a company’s chief financial officer into transferring $25 million after presenting a deepfake video of the firm’s CEO. As the cost of these technologies continues to fall, their effectiveness and prevalence only grow.
Donate