Advanced Technology Ventures, a Silicon Valley venture capital firm with more than $1.8 billion in assets under its management, was hit by a ransomware attack in July that saw cybercriminals steal personal information on its private investors or limited partners (LPs). In a letter to the Maine attorney general’s office, ATV said it became aware of the attack on July 9 after its servers storing financial information had been encrypted by ransomware. By July 26, the ATV learned that data had been stolen from the servers before the files were encrypted, a typical “double extortion” tactic used by ransomware groups, which threatened to publish the files online if the ransom decrypts the files is not paid.
The letter said ATV believes the names, email addresses, phone numbers, and Social Security numbers of the individual investors in ATV’s funds were stolen in the attack. According to a listing on the Maine attorney general’s data breach notification portal, some 300 individuals were affected by the incident, including one person in Maine. To the public, venture capital firms often do not disclose all of their LPs — the investors who have thrown millions into an investment vehicle.
Some pre-approved names may be included in an announcement, but overall, a company’s private investors try to stay that way: private. The reasons vary, but it comes down to secrecy and a degree of competitive advantage: The firm may not want competitors to know who is backing them, and an investor may not want others to know where their money is going. This particular attack likely stole vital information on a hush-hush part of how venture money works.
ATV said it notified the FBI about the attack. A spokesperson for the FBI did not immediately comment when reached by TechCrunch. ATV’s managing director Mike Carusi did not respond to questions sent by TechCrunch on Monday. The venture capital firm, based in Menlo Park, California, with offices in Boston, was founded in 1979 and invests mainly in technology, communications, software and services, and healthcare technology.
The company was an early investor in many startups from the last decade, like software library Fandango, Host Analytics (now Plan fun), and Apptegic (now Evergage). Its more recent investments include Tripwire, which was later sold to cybersecurity company Belden for $710 million; Cedexis, a network traffic monitoring startup acquired by Cisco in 2018; and Actifio, which was sold to Google in 2020. Natasha Mascarenhas contributed reporting. Send tips securely over Signal and WhatsApp to +1 646-755-8849. You can also send TechCrunch files or documents using our SecureDrop.