Venture capital firm Insight Partners has notified thousands of people, including the firm’s limited partners, that their personal information was stolen by hackers in an earlier data breach.
In a statement on September 4, the VC giant said it completed its review earlier in August following its data breach, which it described as a “social engineering attack” without further explanation.
The venture firm has now said in a formal data breach notification filed with California’s attorney general this week that the hackers broke in during mid-October 2024 to the company’s human resources system. It said the hackers exfiltrated data from Insight’s servers and began encrypting the systems on January 16, 2025, a hallmark of a ransomware attack.
Insight separately also told the Maine attorney general this week in an official notice that the ransomware attack affects more than 12,600 people.
Neither of the data breach notification letters disclosed what specific personal data was taken from Insight’s systems.
But according to the company’s earlier statement, the stolen data included information about certain Insight Partners’ funds, management companies, and portfolio companies. The hackers also took banking and tax information, the company said, as well as personal information about its current and former employees and its limited partners — the typically private and unnamed investors who help provide capital to Insight’s venture funds.
Insight Partners has said little else about the data breach, such as whether the company received an extortion demand from the hackers or if it paid the hackers. (It’s not uncommon for companies to face demands for payment in exchange for the hackers deleting or not publishing the stolen data.)
Kristen Zeck, a spokesperson for Insight Partners, did not respond to emails with questions about the breach sent prior to publication.
The company has more than $90 billion in assets under its management and has invested in some of the largest cybersecurity companies today, including Databricks and Wiz.
Insight Partners joins a handful of other venture firms in recent years to have been hacked.
Silicon Valley venture firm Advanced Technology Ventures was hit by a ransomware attack in 2021, the same year that Sequoia Partners experienced a data breach. Both incidents allowed hackers to swipe personal information of their firms’ limited partners.
Updated on September 17 with additional details about the ransomware attack.