[BreachExchange] VC firm Sequoia Capital suffers data breach, investor information stolen

Destry Winant destry at riskbasedsecurity.com
Tue Feb 23 10:39:14 EST 2021


https://siliconangle.com/2021/02/22/legendary-vc-firm-sequoia-capital-suffers-data-breach-investor-information-stolen/

Sequoia Capital, one of the most famous venture capital firms in
Silicon Valley, has suffered a data breach with investor information
likely stolen.

The firm officially refers to it as a “cybersecurity incident,” and
it’s believed that the attack vector was an employee being phished.
Whether malware or ransomware was involved in the data breach is not
clear. Sequoia informed its investors of the breach on Friday,
Feb. 19.

The data potentially stolen is said to include personal and financial
information. Axios reported Feb. 20 that Sequoia told investors that
it has been monitoring the dark web, the shady corner of the internet
where illicit goods and services change hands, and has not seen any
indication that compromised information is being traded or otherwise
exploited.

In a statement, Sequoia said that its security team responded promptly
to investigate the data breach, that outside cybersecurity experts
had been hired to “help remediate the issue” and that law enforcement
has been contacted. The specific use of language — to “help remediate
the issue” — could suggest that the attack is ongoing and hence may
involve ransomware as opposed to simply malware. A phishing attack
that simply delivered malware should, in most circumstances, be fairly
easy to fix.

“We regret that this incident has occurred and have notified affected
individuals,” Sequoia added. “We have made considerable investments in
security and will continue to do so as we work to address constantly
evolving cyber threats.”

Founded in 1972, Sequoia Capital has been a prolific investor in tech
startups and counts among its most successful investments Apple Inc.,
Atari Corp., Google LLC, Oracle Corp., Nvidia Corp., PayPal Holdings
Inc., LinkedIn, Stripe Inc., YouTube, Instagram, Yahoo and WhatsApp,
among many others. Sequoia was an early investor in those companies,
delivering billions in profits in the process.

“Phishing attacks are a real threat for many organizations,” Joseph
Carson, chief security scientist and advisory chief information
security officer at privileged access management company Thycotic
Software Ltd., told SiliconANGLE. “However, not all phishing security
incidents are equal and successful phishing attacks that compromise
employees with privileged access or access to privileged data can have
a serious impact either from ransomware or data theft.”

Privileged access continues to be a major challenge for organizations,
Carson added. “Privileged access is no longer just about domain admins
and it is also important to consider business users who have access to
sensitive data as privileged access,” he said.
