Victims offered identity protection; no evidence of data misuse reported so far
Months after suffering a cyberattack and confirming data theft, venture capital firm Insight Partners has started notifying affected individuals.
The company has filed a new report with the Office of the Maine Attorney General, which also included a copy of the letter being sent out.
Insight Partners is a global venture capital and private equity firm that invests in high-growth software and technology companies. In the letter, it said when the breach was spotted, how long the attackers dwelled, and what they did after exfiltrating the data.
"Insight Partners' investigation into the incident determined that, on or around October 25, 2024, a threat actor successfully used a sophisticated social engineering attack to gain access to the affected servers," the letter reads. "Once inside, the threat actor began exfiltrating data from these servers, and beginning at or around 10:00 a.m. EST on January 16, 2025, began encrypting these servers."
The letter does not state who the threat actors are, or what their demands were. As of now, no group has publicly claimed responsibility for the attack.
Elsewhere in the filing, Insight Partners confirmed that exactly 12,657 people had their sensitive information stolen, which included banking and tax information, personal information of current and former employees, information related to limited partners, as well as fund, management company, and portfolio company information.
The company also said all victims will be notified by the end of September 2025, and customers who don't get notified by then did not have their files compromised.
Insight Partners was founded in 1995, with headquarters in New York City, and offices in London, Tel Aviv, and Palo Alto. As of April 2025, the firm manages approximately $90 billion in assets and has, so far, invested in more than 875 companies globally.
To stay safe, the company recommends users sign up for complimentary identity theft protection services, provided through Experian. They should also change all enterprise and personal passwords, enable multi-factor authentication (MFA) and consider placing a freeze on their credit reports.
At press time, there was no evidence that the files were abused in the wild.