Cyber Incident Victim: Sequoia Capital
Date: Jan 2021
Location: United States of America
Summary
A venture capital firm experienced a data breach after unauthorized third parties remotely accessed an employee's business email mailbox in an attempted wire transfer scam. The attackers were confined to the single compromised mailbox without accessing broader network resources, though personal information within the email files may have been exfiltrated. The organization engaged external security experts to investigate, implemented enhanced detection tools and configuration remediations, reviewed data-sharing practices, and reinforced staff phishing awareness training. While no evidence indicated stolen data was misused or traded, affected individuals were offered complimentary credit monitoring and identity theft protection services. Law enforcement was notified, and the firm emphasized ongoing security investments to counter evolving cyber threats.
Description
On or about January 20, 2021, Sequoia Capital discovered unauthorized third-party access to a single employee’s business email mailbox, which investigators determined was part of an attempted business email compromise (BEC) attack. The threat actors specifically targeted the mailbox to execute what the firm described as a "wired version scam," a fraudulent scheme aimed at redirecting legitimate financial transactions to attacker-controlled accounts. This incident occurred amid heightened FBI warnings about BEC campaigns exploiting email auto-forwarding rules to increase success rates, though the article does not confirm whether such tactics were used in this case. Sequoia’s internal security mechanisms detected the intrusion, prompting immediate engagement with external cybersecurity experts to investigate the breach’s scope and secure systems. Forensic analysis confirmed the attackers’ access was limited exclusively to the compromised mailbox, with no lateral movement into other network resources, servers, or financial systems. The investigation revealed no evidence of data exfiltration tools or malware deployment beyond the email account itself, suggesting the attackers focused on intercepting communications rather than deploying persistent threats. While the breach duration remains unspecified, the firm acted swiftly upon detection to terminate unauthorized access and analyze mailbox contents for exposed data.

The compromised mailbox contained files with personal information belonging to individuals, though Sequoia did not disclose the exact number of affected parties or data types beyond confirming the exposure risk. Despite the attackers’ potential access to these files, the firm found no indications that stolen data circulated on dark web markets or other criminal platforms during their two-month investigation. Sequoia notified impacted individuals directly and offered 24 months of Experian credit monitoring and identity theft protection services. Remediation efforts included correcting the unidentified configuration flaw that enabled initial access, deploying enhanced email security controls to detect malicious content and anomalous user activity, and revising internal protocols for storing and sharing sensitive data—particularly regarding email forwarding rules. The company also conducted mandatory security training refreshers emphasizing phishing recognition and data handling best practices. Law enforcement agencies were notified, though no further details about their involvement were provided. Sequoia publicly framed the incident as a contained breach with limited operational impact, reiterating its commitment to ongoing security investments against evolving cyber threats while acknowledging the failure to prevent unauthorized access to a critical communication channel.
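The description above notes the FBI warnings about BEC campaigns abusing email auto-forwarding rules, and the firm's post-incident controls for anomalous mailbox activity and forwarding rules. As an added example (not Sequoia's tooling, and not any vendor's export format or API), the script below triages a constructed export of inbox rules for the hallmarks defenders look for in a BEC-compromised mailbox: forwarding to an address outside the organisation, filters on financial keywords, and rules that delete matched mail or move it into a folder the owner rarely reads. The record layout, domain names, folder names and sample rules are all constructed for illustration.

```python
"""Triage mailbox inbox rules for BEC-style forwarding and hiding behaviour.

Added example with a constructed record layout; it is not a vendor schema
and not the tooling used in the incident described on this page.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Set

# Constructed placeholder for the organisation's own mail domain(s).
INTERNAL_DOMAINS: Set[str] = {"example-vc.test"}
# Folders the mailbox owner seldom opens; attackers park intercepted mail here.
HIDING_FOLDERS: Set[str] = {"rss feeds", "rss subscriptions", "conversation history", "archive", "junk email"}
# Subject terms typical of wire-fraud interception rules.
FINANCIAL_KEYWORDS: Set[str] = {"wire", "invoice", "payment", "bank", "transfer", "ach", "routing"}


@dataclass
class InboxRule:
    """One mailbox rule in the constructed export format."""
    mailbox: str
    name: str
    forward_to: List[str] = field(default_factory=list)
    subject_contains: List[str] = field(default_factory=list)
    delete_message: bool = False
    move_to_folder: str = ""


def is_external(address: str, internal_domains: Set[str]) -> bool:
    """True when the address domain is not one of the organisation's own."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    return domain not in internal_domains


def assess_rule(rule: InboxRule, internal_domains: Set[str] = INTERNAL_DOMAINS) -> Dict[str, object]:
    """Score a single rule and explain which BEC indicators it matched."""
    reasons: List[str] = []
    external = [a for a in rule.forward_to if is_external(a, internal_domains)]
    if external:
        reasons.append("forwards to external address(es): " + ", ".join(external))
    keywords = {w.lower() for w in rule.subject_contains} & FINANCIAL_KEYWORDS
    if keywords:
        reasons.append("filters on financial keywords: " + ", ".join(sorted(keywords)))
    hides = rule.delete_message or rule.move_to_folder.strip().lower() in HIDING_FOLDERS
    if rule.delete_message:
        reasons.append("deletes matched messages")
    elif hides:
        reasons.append(f"moves matched messages to rarely read folder '{rule.move_to_folder}'")

    # Any external forward is high on its own; so is a financial filter that
    # also hides the mail from the owner. A lone indicator is worth a look.
    if external or (keywords and hides):
        severity = "high"
    elif keywords or hides:
        severity = "medium"
    else:
        severity = "none"
    return {"mailbox": rule.mailbox, "rule": rule.name, "severity": severity, "reasons": reasons}


def triage(rules: Iterable[InboxRule], internal_domains: Set[str] = INTERNAL_DOMAINS) -> List[Dict[str, object]]:
    """Return only the rules worth reviewing, most severe first."""
    order = {"high": 0, "medium": 1}
    findings = [assess_rule(r, internal_domains) for r in rules]
    findings = [f for f in findings if f["severity"] != "none"]
    return sorted(findings, key=lambda f: (order[str(f["severity"])], str(f["mailbox"])))


# Constructed sample export: two benign rules, two high-risk rules, one medium.
SAMPLE_RULES: List[InboxRule] = [
    InboxRule("c.analyst@example-vc.test", "Sort newsletters",
              subject_contains=["newsletter"], move_to_folder="Newsletters"),
    InboxRule("a.partner@example-vc.test", ".",
              forward_to=["finance.backup@mail-relay.test"], delete_message=True),
    InboxRule("b.partner@example-vc.test", "Invoices",
              subject_contains=["invoice", "wire"], move_to_folder="RSS Feeds"),
    InboxRule("a.partner@example-vc.test", "Internal copy",
              forward_to=["assistant@example-vc.test"]),
    InboxRule("c.analyst@example-vc.test", "Payments",
              subject_contains=["payment"], move_to_folder="Finance"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_RULES):
        print(f"[{finding['severity']}] {finding['mailbox']} rule {finding['rule']!r}: "
              + "; ".join(finding["reasons"]))
```

Run against a real export, the same checks map onto the "anomalous user activity" controls the firm describes: a rule named with a single character, an external forward, or financial mail routed into an RSS folder is a strong signal that a mailbox is being used to stage a wire-diversion attempt, and these rules are often created by the attacker before any fraudulent invoice is sent.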
