New York-based Insight Partners is notifying thousands of individuals whose personal information was stolen in a ransomware attack, the firm said this week. The disclosure follows an incident it first reported in February, when a threat actor gained access to its network through a sophisticated social engineering scheme.
Company filings indicate the attackers exfiltrated data before encrypting servers. Investigators say the breach began with unauthorized access on or around October 25, 2024, and on January 16, 2025, the attackers began encrypting servers after exfiltrating data. The incident has prompted the firm to review and publicize the scope of exposed information.
Insight Partners said the stolen data includes banking and tax information, personal information of current and former employees, information related to limited partners, and data related to the fund, management company, and portfolio companies. The firm emphasized that formal notification letters are being mailed to all individuals whose data was impacted and that complimentary credit or identity monitoring services are being offered. It added that, if a notification letter has not been received by the end of September 2025, the company has determined that the individual’s personal data was not impacted.
While no ransomware gang has claimed responsibility, Insight Partners disclosed the breach in filings with state authorities. California’s attorney general’s office has a notification on file, and the disclosure was first reported by TechCrunch.
In Maine, the attorney general’s office provided an additional filing noting that the breach affects 12,657 individuals.
Insight Partners manages more than $90 billion in regulatory assets and has invested in more than 800 software and technology startups over its 30-year history.