Secretive VC outfit has data ransacked? That's regrettable...
...said nobody.
Insight Partners, a mega venture capital firm with more than $90 billion in funds under management, fears network intruders got their hands on internal sensitive data about employees, portfolio companies, investors, and more. In February, the biz informed folks that some miscreants had performed a "sophisticated social …
Sure. This time it was a letter purporting to be from the NSA demanding the list of server logins and passwords to ensure that no server had been unduly accessed.
Information that was sent by Reply To to an address of the type "honestNSAemployee@truensa.com.ru.
Insight doesn't state if the information in question was stolen or just viewed.
Whenever either sensitive and/or intended to be secured and secret information is there no question that the one [was it stolen] is as just as good as the other [was it viewed]
The problem is NOT that Gary Grunt or Pauleen Peone were fooled by cybercrims.
The root-cause problem is that the real Big Boss(es) can, and do, call up Gary and Pauleen, and demand that Gary/Pauleen take all sorts of security-compromising, company-policy-violating, GAAP-busting actions, such as, "Wire £10M from the employee retirement account to my personal checking account, and put it down as a loan," and, "Make my nephew, Freddy Fumblefingers administrator on host smytheco-gb-dc0."
Should Gary/Pauleen ask for identity verification, a second signature on the order, or point out the Big Boss(es) is/are demanding Gary/Pauleen to commit a security policy violation and/or a crime, the Big Boss(es) thunder, "Don't you know who I am?! Carry out my orders imnediately, or I will have you fired! You'll never work again in this industry! You'll never work again in this city!!"
Gary/Pauleen know the Big Boss(es) can, will, and have made this happen, and that Gary/Pauleen have effectively zero protection against this.
So Gary/Pauleen carry out these orders immediately without question or pause for verification.