Trust is integral to everything we do at Insight Partners. Accordingly, we take data security extremely seriously. On January 16, 2025, Insight Partners detected that an unauthorized third-party accessed certain Insight information systems through a sophisticated social engineering attack.
As soon as this incident was detected, we moved quickly to contain, remediate, and start an investigation within a matter of hours. We notified stakeholders connected to Insight in January to alert them and encourage vigilance and tightened security protocols irrespective of having shared data compromised. We also notified law enforcement in relevant jurisdictions.
There is no evidence that the threat actor was present after January 16, 2025. Further, there has been no additional disruption to Insight’s operations as a result of the incident.
We are working diligently to determine the scope of the incident with the support of third-party cybersecurity experts, a leading forensic and eDiscovery expert, and external legal counsel which, as shared with stakeholders, will take several weeks. We don’t believe, based on what is known, there will be any material impact on portfolio companies, Insight funds or other stakeholders. Insight will update any impacted individuals once information becomes available during our investigation.
UPDATE
May 06, 2025 | 1 min. read
Insight Partners is committed to providing updated information about the January 2025 security incident, in particular so that affected individuals can take appropriate steps to reduce any potential harms that may stem from this incident.
As noted above, we have engaged an eDiscovery vendor to help us determine conclusively what personal data was impacted and to identify the individuals to whom that data pertains. This review remains ongoing. However, we anticipate that we will begin notifying affected individuals on a rolling basis beginning in the next few days.
Based on our investigation to date, we understand that the impacted data may include certain fund, management company, and portfolio company information, banking and tax information, and certain personal information of our current and former employees, as well as information related to our Limited Partners. We have previously communicated this information to our employees and Limited Partners, and are supplementing this website statement to continue to provide relevant information to all affected individuals. These communications, including this statement, are not intended to replace a formal notification to affected individuals under applicable law. We remain committed to providing formal notification to affected individuals as promptly as possible, and will do so on a rolling basis as relevant information becomes available.
We recommend remaining vigilant to protect yourself and your organization, consistent with cybersecurity best practices. You may consider taking the following steps:
- Change personal and enterprise passwords and ensure two-factor authentication is enabled on all financial accounts.
- Monitor your financial accounts and credit information, initiate a fraud alert with all three credit bureaus, and consider placing a freeze on your credit reports.
We regret any inconvenience this incident may have caused. If you believe your personal data may have been impacted, or have any questions about our investigation, please contact Insight Partners at [email protected].
