Hackers use social engineering to compromise venture capital firm Insight Partners

Venture capital firm Insight Partners said it experienced a data security incident that involved threat actors using a sophisticated social engineering attack to hack into its internal network.

Headquartered in New York, Insight Partners is a global venture capital and private equity firm that invests in high-growth technology, software, and internet companies. With offices in London, Tel Aviv, and the Bay Area, the company has several prominent clients including healthcare technology provider Inovalon, workforce management company Vector Solutions, and more.

In a data security incident notice published on its website, Insight Partners said that on January 16, it detected unauthorised access to its internal network where a third-party gained access to certain Insight information systems through a sophisticated social engineering attack.

The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident. It also took steps to contain and remediate the incident and notified relevant law enforcement authorities about the same.

“We notified stakeholders connected to Insight in January to alert them and encourage vigilance and tightened security protocols irrespective of having shared data compromised,” the venture capital firm said. “There is no evidence that the threat actor was present after January 16, 2025. Further, there has been no additional disruption to Insight’s operations as a result of the incident.”

Insight Partners added that the full course of investigation, including determining the scope of the incident, may take weeks to complete but it will provide updates to affected customers as and when necessary.

“We don’t believe, based on what is known, there will be any material impact on portfolio companies, Insight funds or other stakeholders,” the company said.

At the time of publishing, no known hacker group has claimed responsibility for the cyber attack on the venture capital firm. The company also did not share details on who is behind the attack or if it has paid a ransom.