Sequoia Capital, one of the largest and most successful venture capital firms in the world, has told its investors that some of their personal and financial information may have been accessed by a third party, after a Sequoia employee’s email was successfully phished, according to an Axios report.
In a statement to Axios, a Sequoia spokesperson said:
“We recently experienced a cybersecurity incident. Our security team responded promptly to investigate, and we contacted law enforcement and engaged leading outside cybersecurity experts to help remediate the issue and maintain the ongoing security of our systems. We regret that this incident has occurred and have notified affected individuals. We have made considerable investments in security and will continue to do so as we work to address constantly evolving cyber threats.”
Sequoia is a venture capital focused on energy, financial, enterprise, healthcare, internet, and mobile startups, and has 1100+ corporate clients, as well as more than 200 international clients, with portfolio companies like Airbnb, DoorDash, and Robinhood, says Axios.
Joseph Carson, chief security scientist and Advisory CISO, at Washington D.C. based Thycotic, says, “Phishing attacks are a real threat for many organizations. However, not all phishing security incidents are equal and successful phishing attacks that compromise employees with privileged access or access to privileged data can have a serious impact either from ransomware or data theft. The latest news regarding Sequoia Capital shows that privileged access continues to be a major challenge for organizations and how critical it is to protect privileged access and access to privileged data with a strong privileged access security solution is a top priority. Privileged access is no longer just about Domain Admins and it is also important to consider business users who have access to sensitive data as privileged access.”