American firm Sequoia Capital has publicly disclosed a suspected data breach recently. The firm suspects this incident after facing a failed BEC attack.
Sequoia Capital Data Breach
Reportedly, the venture capital firm Sequoia Capital Operations has shared a security notice regarding a data breach. Sequoia Capital is a huge name in the market as it backed numerous giant corporations such as Apple, Google, LinkedIn, Yahoo, Electronic Arts, and more.
As revealed, Sequoia Capital suffered a BEC (business email compromise) attack on one of its employees’ accounts.
On or about January 20, 2021, we learned that an unauthorized third party had gained remote access to the business email mailbox of one Sequoia employee, with the apparent aim of conducting a wire diversion scam.
While the firm quickly detected the intrusion and contained it. Yet, they suspect that the attackers might have accessed or downloaded some files that contained users’ personal data.
Thus, they have informed the customers about this incident.
Security Measures Underway
Following the cybersecurity incident, Sequoia Capital took the necessary security steps to remedy the intrusion.
In brief, they deployed prevention and detection technology to detect malicious activity right at the point. Also, they have informed the law enforcement authorities and cybersecurity experts to investigate the matter. This is all in addition to dark web monitoring.
Out of an abundance of caution, Sequoia has also conducted dark web monitoring to determine whether any of the data from the business email mailbox is being sold or traded by cybercriminals, and we have not seen any indication that the email mailbox data is being exploited for any purpose.
Besides, they have also mentioned in the notice to have started fresh training of the staff regarding phishing awareness.
As for the users, the firm expects little to no damages to them in the wake of this attack. However, they have still offered a free 24-month credit monitoring and identity theft protection via Experian to all affectees. Hence, if anyone suspects a potential impact from this data breach, the user can sign-up for this service.