The VC firm Sequoia Capital disclosed an email data breach in a DOJ notice of breach sent to affected individuals. Excerpt:

“On or about January 20, 2021, we learned that an unauthorized third party had gained remote access to the business email mailbox of one Sequoia employee, with the apparent aim of conducting a wired version scam,” Sequoia Capital explained in a notice of data breach sent to affected individuals.”  A Gurucul expert offers commentary.

Subscribe
Notify of
guest

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Saryu Nayyar
Saryu Nayyar , CEO
InfoSec Expert
February 26, 2021 10:57 am

<p>The Sequoia Capital data breach announcement is short on detail, beyond it being an employee\’s email account being breached and the attacker failing in their scam.  However, it\’s likely the individual victim was the target of a phishing attack of some sort which led to credential theft.</p> <p> </p> <p>Incidents like this can be difficult to catch if the attacker is careful, but it appears Sequoia Capitol\’s security stack and process were up to the task. Ultimately, organizations should all be able to blunt these attacks through a combination of user education to reduce the risk of initial compromise, backed by a well-equipped and well-trained Security Operations team to deal with the attackers that make it inside.  It\’s a matter of deploying the right training and tools to get it done.</p>

Last edited 1 year ago by Saryu Nayyar
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x