- Buy Microsoft Visio Professional or Microsoft Project Professional 2024 for just $80
- Get Microsoft Office Pro and Windows 11 Pro for 87% off with this bundle
- Buy or gift a Babbel subscription for 78% off to learn a new language - new low price
- Join BJ's Wholesale Club for just $20 right now to save on holiday shopping
- This $28 'magic arm' makes taking pictures so much easier (and it's only $20 for Black Friday)
Silicon Valley VC Firm Phished
A leading venture capital firm based in California’s Silicon Valley has fallen victim to a cyber-attack.
According to Axios, Sequoia Capital contacted investors on Friday, February 19, to inform them that their financial data and personal information had been accessed by an unauthorized third party. The data breach occurred after the email account belonging to an employee at the firm was compromised in a phishing attack.
Sequoia Capital is run from offices on Sand Hill Road in Menlo Park. Companies that the firm has invested in include Airbnb, DoorDash, 23andMe, GitHub, Google, Zoom, WhatsApp, YouTube, and Robinhood, and cybersecurity firms Carbon Black, Tessian, and FireEye.
The 49-year-old firm said law enforcement had been notified of the security breach and that IT specialists had been hired to investigate what happened and restore cybersecurity to the company.
“We recently experienced a cybersecurity incident. Our security team responded promptly to investigate, and we contacted law enforcement and engaged leading outside cybersecurity experts to help remediate the issue and maintain the ongoing security of our systems,” said a Sequoia spokesperson.
“We regret that this incident has occurred and have notified affected individuals. We have made considerable investments in security and will continue to do so as we work to address constantly evolving cyber threats.”
Sequoia Capital, which Pitchbook data states has more than $38bn in assets under management, said it had found no evidence that any investor data compromised in the incident has been misused.
“Phishing attacks are a real threat for many organizations. However, not all phishing security incidents are equal and successful phishing attacks that compromise employees with privileged access or access to privileged data can have a serious impact either from ransomware or data theft,” Joseph Carson, chief security scientist and advisory CISO at Thycotic told Infosecurity Magazine.
“The latest news regarding Sequoia Capital shows that privileged access continues to be a major challenge for organizations and how critical it is to protect privileged access and access to privileged data,” Carson said. “Privileged access is no longer just about domain admins . . . [I]t is also important to consider business users who have access to sensitive data as privileged access.”
