Tech News: Sequoia Capital discloses data breach after failed BEC attack.
US venture capital firm Sequoia Capital disclosed a data breach after a hacker accessed one of its employees’ inboxes as part of a failed email compromise (BEC) attack in January.
Sequoia Capital has existed since 1972 and has invested in a number of high-profile technology companies over the years, including Apple, Nvidia, Google, Oracle and Cisco, as well as numerous startups, such as Airbnb, Dropbox, FireEye, Stripe, Square and WhatsApp.
Last December, the FBI sent out a Private Industry Notification (PIN) to warn U.S. companies that cybercriminals had begun abusing auto-forwarding rules in web-based email clients to increase their chances of success. BEC attacks.
“Around January 20, 2021, we learned that an unauthorized third party had obtained remote access to a Sequoia employee’s corporate email inbox with the apparent purpose of conducting a diversionary fraud. Our investigation found no evidence of compromise beyond this mailbox. We quickly took steps to secure our network and began investigating the incident with the help of external cybersecurity experts. “
Fortunately, the attacker was only able to hack into an employee’s inbox and had no access to any other resources or assets on Sequoia Capital’s network. However, the company said the personal information of fewer than 1,000 California residents may have been exposed in the attack.
Additionally, security experts hired by Sequoia Capital have found no evidence that this personal data has been sold or traded by cybercriminals on the dark web. To protect those whose data may have been exposed, the company offers 24 months of free credit monitoring and identity theft protection from Experian.