Sequoia Capital, a major US venture capital firm, informed its investors on Friday that the company had suffered a data breach. Investors’ personal and financial information was accessed by an unauthorized third party as a result of a successful phishing attack.
About Sequoia Capital
Sequoia Capital was founded in 1972 and is headquartered in Menlo Park, California. Today the firm is one of the largest and most successful venture capital firms in the world. Although it focuses mainly on the technology industry, its portfolio also includes healthcare, outsourcing and financial services.
The firm invests in both public and private companies. And has offices in India, South East Asia, Israel, China and the UK. Amongst the most well-known companies it has backed are Apple, Google, Oracle, PayPal, LinkedIn, Instagram YouTube and WhatsApp. According to its website, it has also invested in cybersecurity firms like FireEye and Carbon Black. The combined aggregate public market value of the companies it has backed since its founding is over $3.3 trillion.
Sequoia’s investors are known as limited partners and are believed to include large financial institutions, Tech executives and charitable foundations.
Sequoia Capital informed its investors on Friday that the company had suffered a breach. During the breach, an unauthorized third party accessed both personal and financial information of the firm’s investors.
“We recently experienced a cybersecurity incident. Our security team responded promptly to investigate, and we contacted law enforcement and engaged leading outside cybersecurity experts to help remediate the issue and maintain the ongoing security of our systems.”
As the hacking incident is still in the early stages of investigation, not much detail is yet available. What is known is that the cybersecurity incident occurred as a result of a successful phishing attack against one of Sequoia’s employees. The attack was conducted via the employee’s company email account.
It is not yet known how much of the large volume of investor data contained on Sequoia Capital’s systems was stolen. Nonetheless, Sequoia has told investors they are monitoring the dark web for evidence of this data being traded on hacker forums. However, the hackers could be exploiting the stolen information in some other manner, for stealing funds or conducting identify theft, for example. Or the phishing attack could have been used by the hackers to gain a foothold in the firm’s corporate network.
The Firm’s Response
Sequoia Capital have confirmed that their security team is investigating the incident to establish the scale of the problem. They have also notified the relevant law enforcement agencies and have engaged external cybersecurity experts to help with the investigations.
“We regret that this incident has occurred and have notified affected individuals,” a spokesperson for the firm said. “We have made considerable investments in security and will continue to do so as we work to address constantly evolving cyber threats.”