Insight Partners, the venture capital giant with over $90 billion in assets under management, has confirmed a major data breach stemming from a cyberattack first discovered in January 2025. The firm is now notifying employees, limited partners, and associated companies that their sensitive information may have been compromised.
The breach was initially detected on January 16, with Insight claiming at the time that the threat actor had been swiftly removed. However, the extent of the intrusion remained unclear until now. In a new update this week, the firm revealed that the cyberattack did result in the exposure of confidential information tied to its operations and personnel.
According to Insight’s internal investigation, the compromised data includes fund-related and portfolio company details, tax records, banking information, and personal data of both current and former employees. Importantly, information connected to limited partners—many of whom represent institutional investors and high-net-worth individuals—was also affected.
The firm has started notifying those confirmed to be impacted by the breach. As a precaution, Insight Partners is advising all affected parties to change passwords, enable multi-factor authentication, and closely monitor their credit and financial accounts. They’ve also urged individuals to consider placing fraud alerts and even freezing their credit reports to mitigate potential misuse.
At this stage, the company hasn’t confirmed whether the breach involved ransomware. No cybercrime group has stepped forward to claim responsibility, and the attack has not been linked to any known ransomware campaigns.
With a portfolio spanning over 800 companies—including leading cybersecurity firms like Wiz, SentinelOne, Recorded Future, Aqua Security, Armis, and Checkmarx—Insight Partners is one of the most influential players in the global venture capital ecosystem. The irony of a cybersecurity breach hitting a firm that backs some of the world’s top security startups underscores how no organization is immune from sophisticated digital threats.
