VC behemoth Insight Partners fears top-secret financial info swiped by cyber-miscreants

a "sophisticated social engineering attack"

Sure. This time it was a letter purporting to be from the NSA demanding the list of server logins and passwords to ensure that no server had been unduly accessed.

Information that was sent by Reply To to an address of the type "honestNSAemployee@truensa.com.ru.

Splitting hairs doesn’t change the Bigger Picture in SMARTR Greater IntelAIgent Games

Insight doesn't state if the information in question was stolen or just viewed.

Whenever either sensitive and/or intended to be secured and secret information is there no question that the one [was it stolen] is as just as good as the other [was it viewed]

Look Past the Surface and You will See Why this Problem Never Ends

The problem is NOT that Gary Grunt or Pauleen Peone were fooled by cybercrims.

The root-cause problem is that the real Big Boss(es) can, and do, call up Gary and Pauleen, and demand that Gary/Pauleen take all sorts of security-compromising, company-policy-violating, GAAP-busting actions, such as, "Wire £10M from the employee retirement account to my personal checking account, and put it down as a loan," and, "Make my nephew, Freddy Fumblefingers administrator on host smytheco-gb-dc0."

Should Gary/Pauleen ask for identity verification, a second signature on the order, or point out the Big Boss(es) is/are demanding Gary/Pauleen to commit a security policy violation and/or a crime, the Big Boss(es) thunder, "Don't you know who I am?! Carry out my orders imnediately, or I will have you fired! You'll never work again in this industry! You'll never work again in this city!!"

Gary/Pauleen know the Big Boss(es) can, will, and have made this happen, and that Gary/Pauleen have effectively zero protection against this.

So Gary/Pauleen carry out these orders immediately without question or pause for verification.