Sequoia Capital Admits to Being Hacked, Phishing Scam to Blame

Venture capital giant, Sequoia Capital, informed its investors last Friday, February 19, 2021, that it had been involved in a data security incident where some of the personal information and financial data of its investors may have been accessed by a threat actor.

The venture capital firm gears its efforts and support towards businesses in varying sectors, including the likes of energy firms, financial, healthcare companies, internet, enterprise, mobile startups, and many others.

Security Magazine states that Sequoia Capital currently has more than 1,100 clients in the corporate sector alone. It also counts over 200 international clients, including giants such as Airbnb, DoorDash, and Robinhood.

Sequoia Capital Admits to Being Hacked

As of writing, Business Insider reveals that the company manages around $38 billion in assets. Apart from the aforementioned companies, Sequoia Capital has also invested in Carbon Black, FireEye, and 23andMe.

According to Security Magazine, the incident reportedly stemmed from a phishing attack sent to an employee’s email account.

Phishing attacks pose heightened concerns for many institutions and businesses across sectors, states chief security scientist and Advisory CISO at Thycotic, Joseph Carson.

In a statement to Security Magazine, Carson said, “The latest news regarding Sequoia Capital shows that privileged access continues to be a major challenge for organizations and how critical it is to protect privileged access and access to privileged data with a strong privileged access security solution is a top priority.”

Meanwhile, Business Insider reports that company investors are touted as limited partners, with these representatives and investors supposedly rarely divesting information. Some of the partners come from various industries, including private family wealth offices, sovereign wealth funds, and university endowments.

In a statement, a Sequoia Capital representative said, “We recently experienced a cybersecurity incident. Our security team responded promptly to investigate, and we contacted law enforcement and engaged leading outside cybersecurity experts to help remediate the issue and maintain the ongoing security of our systems.”

In addition, the representative also said, “We regret that this incident has occurred and have notified affected individuals. We have made considerable investments in security and will continue to do so as we work to address constantly evolving cyber threats.”

Besides the venture capital is staying on top of the cybersecurity incident and has leveraged the services of law enforcement agencies, the Business Times states that Sequoia is also monitoring activity on the Dark Web to see if any personal information has come up, whether through trade or exploitation. There have been no signs, however, that such data has been posted on the Dark Web.