The New York-based firm’s portfolio companies include Google acquisition target Wiz as well as Kaseya and Veeam.
Insight Partners, a venture capital and private equity firm that invests in vendors that sell through the channel, is notifying about 12,700 people that their personal data has been affected by the breach discovered in January.
The New York-based firm, whose portfolio companies include Google acquisition target Wiz as well as Kaseya and Veeam, has also revealed that the threat actor behind the attack breached Insight on Oct. 25, with the firm discovering the breach on Jan. 16 when the actor started encrypting servers, according to a filing with the state of Maine.
The firm said back in May that it had started to inform any individuals affected by the security incident it discovered in January, with “portfolio company information” potentially impacted.
Insight Partners Breach
CRN has reached out to Insight Partners for comment.
Insight recently sold Recorded Future to Mastercard. The firm has recently invested in the likes of Databricks, SpecterOps and Anaconda.
The firm put out a statement on Jan. 16 about closing on $12.5 billion in capital to invest in more software companies. That same day, the firm detected that an unauthorized third party accessed some of its information systems through a social engineering attack.
Insight uploaded to Maine’s website a template of the letter that will be sent to individuals whose personal data was affected. Fewer than 30 of the affected people live in Maine.
The letter, signed by Insight Managing Director and Chief Compliance Officer Andrew Prodromos, says that on or around Oct. 25, a threat actor accessed Insight servers and started exfiltrating data.
With help from third-party investigators and cybersecurity experts, Insight expelled the threat actor from human resources and finance information systems on Jan. 16, the same day the threat actor started encrypting servers.
The firm tells letter recipients that no evidence exists to suggest personal data has been misused, but warns that the data is still at risk of being used for identity theft and other fraudulent purposes.
Insight has addressed the misconfiguration the threat actor exploited, rebuilt compromised machines and affected servers, improved internal security and system access requirements, and notified law enforcement and regulatory authorities, according to the letter. Affected individuals will also receive free memberships to Equifax WebDefend, although the letter does not state the term length.
The firm also suggests letter recipients change personal and enterprise passwords, enable two-factor authentication and initiate a fraud alert with all three credit bureaus or even freeze credit reports.