Insight Partners private equity and venture capital firm reports cyberattack
Learn More
Insight Partners, a New York-based private equity and venture capital firm, was hit by a data breach through a social engineering attack in January 2025. The unauthorized access to their information systems was detected on January 16, 2025.
The company, initiated an investigation and engaged multiple cybersecurity experts, forensic specialists, eDiscovery experts, and external legal counsel to thoroughly investigate the incident.
Insight Partners proactively notified their stakeholders, portfolio companies, and law enforcement in relevant jurisdictions. Their portfolio includes major technology and cybersecurity companies such as:
- Wiz
- Kaseya
- Armis
- Checkmarx
- Island
- JFrog
- PluralSight
- Recorded Future
- SentinelOne
According to the company's statement, there is no evidence of continued threat actor presence in their corporate network after January 16, and they don't anticipate any material impact on their portfolio companies, Insight funds, or other stakeholders.
The types of compromised data and number of affected individuals are not disclosed
The company has stated they will update any impacted individuals once more information becomes available during their investigation.
Update - as of 8th of May 2025, Insight Partners confirmed that sensitive data belonging to employees and limited partners was stolen during the cyberattack. The types of exposed data includes:
- Fund information
- Management company information
- Portfolio company information
- Banking information
- Tax information
- Personal information of current and former employees
- Information related to Limited Partners
Insight Partners announced that individuals confirmed to have had their information exposed will be notified, but this process will occur in waves starting after 8th of May 2025. In the meantime, the company has recommended that potentially impacted persons take several precautionary measures, including changing personal and enterprise passwords, activating two-factor authentication (2FA) on all financial accounts, closely monitoring financial statements and credit reports, and considering placing a fraud alert or credit freeze.
The breach represents a potentially serious exposure of competitive financial information that most venture capital firms strive to keep confidential. Beyond competitive intelligence concerns, cybersecurity experts note the stolen data could be weaponized for sophisticated business email compromise (BEC) scams.
As of 8th of September 2025, Insight Partners reports they completed notifying affected individuals of this attack.
As of 17th of September 2025, Insight Partners, reported that the attack began with social engineering in October 2024 and culminated in server encryption on January 16, 2025 after a three-month data theft period affecting 12,657 individuals.
