The VC firm Sequoia Capital disclosed an email data breach in a DOJ notice of breach sent to affected individuals. Excerpt:

“On or about January 20, 2021, we learned that an unauthorized third party had gained remote access to the business email mailbox of one Sequoia employee, with the apparent aim of conducting a wired version scam,” Sequoia Capital explained in a notice of data breach sent to affected individuals.”  A Gurucul expert offers commentary.

Experts Comments

February 26, 2021
Saryu Nayyar
CEO
Gurucul

The Sequoia Capital data breach announcement is short on detail, beyond it being an employee's email account being breached and the attacker failing in their scam.  However, it's likely the individual victim was the target of a phishing attack of some sort which led to credential theft.

 

Incidents like this can be difficult to catch if the attacker is careful, but it appears Sequoia Capitol's security stack and process were up to the task. Ultimately, organizations should all be able to blunt

.....Read More

The Sequoia Capital data breach announcement is short on detail, beyond it being an employee's email account being breached and the attacker failing in their scam.  However, it's likely the individual victim was the target of a phishing attack of some sort which led to credential theft.

 

Incidents like this can be difficult to catch if the attacker is careful, but it appears Sequoia Capitol's security stack and process were up to the task. Ultimately, organizations should all be able to blunt these attacks through a combination of user education to reduce the risk of initial compromise, backed by a well-equipped and well-trained Security Operations team to deal with the attackers that make it inside.  It's a matter of deploying the right training and tools to get it done.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.