The company stated that formal notification letters are being sent to all affected parties, with complimentary credit monitoring and identity protection services offered as part of its response. It clarified that individuals who do not receive a notification letter by the end of September 2025 can assume their data was not impacted. According to filings with California’s attorney general, which were first reported by TechCrunch, the intrusion occurred in October 2024. Attackers exfiltrated data before encrypting servers on January 16, 2025, in what appears to be the culmination of a carefully planned ransomware campaign.
Insight Partners explained that the attacker gained access to its environment on or around October 25, 2024, using advanced social engineering tactics.
Once inside, the threat actor began stealing data from affected servers. Months later, at around 10:00 a.m. EST on January 16, the same servers were encrypted, effectively disrupting operations. While the firm has confirmed the theft and encryption, no ransomware group has claimed responsibility for the incident so far.
A separate filing with the Maine attorney general disclosed that the breach impacted 12,657 individuals. The compromised information poses risks ranging from financial fraud to identity theft, underscoring the seriousness of the incident.
Despite the scale of the attack, Insight Partners has not yet responded to requests for further comment on how it intends to manage recovery efforts or bolster its cybersecurity posture going forward.
Insight Partners is one of the largest venture capital firms in the United States, with over $90 billion in regulatory assets under management. Over the past three decades, it has invested in more than 800 software and technology startups globally, making it a key player in the tech investment ecosystem.
The breach marks a significant cybersecurity challenge for the firm as it balances damage control, regulatory compliance, and the trust of its investors and partners.
