Security News > 2021 > February > Venture Capital Giant Sequoia Targeted in BEC Attack
Silicon Valley-based venture capital giant Sequoia Capital said the recently disclosed data breach was apparently the result of a business email compromise attack attempt.
In a data breach notice sent to impacted individuals, a copy of which has been submitted to attorney general's offices, Sequoia revealed that it learned of unauthorized access to an employee's business email inbox on January 20, 2021.
The company believes the breach was part of a "Wire diversion scam," which is a type of BEC attack where hackers typically pose as an executive or a trusted vendor and attempt to trick an employee into wiring money to a bank account they control instead of a legitimate account.
Sequoia has not provided other information on the attack itself, but the company has found no evidence of other email accounts being compromised.
"Out of an abundance of caution, Sequoia has also conducted dark web monitoring to determine whether any of the data from the business email mailbox is being sold or traded by cyber criminals, and we have not seen any indication that the email mailbox data is being exploited for any purpose," Sequoia told impacted individuals.
In response to the incident, Sequoia said it addressed the configuration issue that allowed the attacker to gain initial access, it deployed additional technology to detect suspicious user activity and malicious email content, it reviewed methods for storing and sharing sensitive information, and "Refreshed" security training with an emphasis on phishing awareness and data handling.