In early 2025, news broke of a major data breach at Insight Partners — one of the world’s largest venture capital firms, known for investing in companies like Twitter, SentinelOne, Wiz, Recorded Future, and many others. Although the incident occurred back in January, its consequences are only now becoming fully apparent. The leak affected not just employees and companies within the fund’s portfolio, but also investors — including individuals with billions of dollars under management.
Insight Partners officially confirmed that the breach was the result of a sophisticated social engineering attack. This means the hackers didn’t simply exploit a technical vulnerability; they got in by manipulating people. It could have been phishing, account compromise, or even simple deception of staff. After detecting the breach, the firm brought in cybersecurity experts. Their analysis revealed that attackers may have accessed internal communications, banking information, fund and investor details, and personal data of current and former employees. Particularly valuable were the names and contact details of limited partners (LPs), who hold large stakes in venture funds.
The hackers aren’t just stealing data — they’re using it for further attacks, especially BEC (Business Email Compromise) schemes. These attacks rely on trust and the mimicry of legitimate business communication. Imagine this: a CFO receives an email that appears to come from the CEO, urgently requesting a wire transfer to a new supplier. Everything looks authentic — the signature, writing style, even the subject line resembles past discussions. When attackers possess real documents, names, roles, and sample emails, the level of realism becomes dangerously high. That’s why BEC is considered one of the most financially damaging forms of cybercrime. According to the FBI, global losses from these attacks have already exceeded $55 billion.
Deepfake technology adds another layer of threat. This is not a theoretical concern — last year in Hong Kong, an employee was tricked into transferring $25 million after a video call with what appeared to be members of senior management. In reality, the visuals were deepfakes created by AI. The line between truth and fabrication is disappearing. A simple call or Zoom meeting is no longer enough to confirm someone’s identity.
The Insight Partners incident is not just an isolated problem. It’s a warning sign for the entire business community. Today, the target of an attack isn’t infrastructure — it’s trust. Hackers are hunting for information about people and processes: who reports to whom, how decisions are made, who has access to money. Even if a company doesn’t manage billions, it likely works with contractors, clients, and vendors — and a breach can become a gateway to compromising an entire network.
Source: SecurityLab