The Long-Horizon of Ransomware Impacts
5–12–2025 (Monday)
Hello, and welcome to The Intentional Brief - your weekly video update on the one big thing in cybersecurity for middle market companies, their investors, and executive teams.
I’m your host, Shay Colson, Managing Partner at Intentional Cybersecurity, and you can find us online at intentionalcyber.com.
Today is Monday, May 12, 2025, and this is very much one of those “full circle” episodes, because everything we’re going to talk about today, we’ve talked about before.
The Long-Horizon of Ransomware Impacts
We saw a couple of stories need to be re-visited last week, and that’s never a good sign.
First, we saw an article noting “Venture capital firm Insight Partners has confirmed that sensitive data for employees and limited partners was stolen in a January 2025 cyberattack.”
A notice from the firm outlines the specifics, including the fact that “The data that has been exposed varies per individual and investor, and may include:
Fund information
Management company information
Portfolio company information
Banking information
Tax information
Personal information of current and former employees
Information related to Limited Partners”
That seems like quite a bit of information about folks with quite a bit of money - so we’ll hope that the rest of their controls are solidly in place.
Obviously, not a great thing to be working through, especially for a firm that has so many cybersecurity investments. Maybe not a coincidence, then, that we also saw Warburg Pincus announce last week that they’ve hired the former CISO of Google Cloud to work with them and their PortCos as an advisor.
Insight wasn’t the only one having to circle back on a breach last week, unfortunately. We also saw PowerSchool - the K-12 edtech provider that was breached in December of 2024 - put out a notice reading:
"PowerSchool is aware that a threat actor has reached out to multiple school district customers in an attempt to extort them using data from the previously reported December 2024 incident," PowerSchool shared in a statement to BleepingComputer.
We also learned that PowerSchool did decide to pay the ransom during their event, noting
“we made the decision to pay a ransom because we believed it to be in the best interest of our customers and the students and communities we serve," continued the PowerSchool statement.”
"It was a difficult decision, and one which our leadership team did not make lightly. But we thought it was the best option for preventing the data from being made public, and we felt it was our duty to take that action. As is always the case with these situations, there was a risk that the bad actors would not delete the data they stole, despite assurances and evidence that were provided to us."
Now, according to several districts, they are being extorted directly - but appear to have very little recourse.
While stories like this are certainly disheartening, I think they can serve as good reminders for us to all refocus on some things that are important but decidedly unglamorous - including data retention policies (and practices!), as well as continuing to build and refine our own third-party risk management practices internally.
You’ll recall that we saw a sharp spike in third-party breaches in the reports we outlined a couple of weeks back, and these are the sorts of impacts those breaches can have.
Fundraising
Quiet week from a fundraising perspective, with just over $2.4B in newly committed capital, the lowest amount we’ve seen in any week all year.
Not surprising, given how much volatility we’ve been working through in the macro sense.
A reminder that you can find links to all the articles we covered below, find back issues of these videos and the written transcripts at intentionalcyber.com, and we’ll see you next week for another edition of the Intentional Brief.
Links
https://www.insightpartners.com/ideas/statement-from-insight-partners-on-cyber-incident/
https://www.tdsb.on.ca/home/ctl/Details/mid/43823/itemid/473