Sequoia has revealed that it has suffered a cyber attack

In early December the venture capital firm Sequoia has communicated to its customers of detecting unauthorized access to a cloud storage archive which contained a number of sensitive and personal data related to customers of one of the organizations that are part of the company, Sequoia One.

Sequoia has informed its corporate and consumer customers that their data may have been affected by the breach, which likely occurred between September 22 and October 6. The company is offering victims of the data breach three years of free data management and data protection services. The hacked Sequoia cloud system stored a number of sensitive personal information including names, addresses, birthdates, gender, marital status, employment status, Social Security numbers, work email addresses, salary benefits information, and member IDs, as well as other types of documents such as Covid test results and vaccination list uploaded by employees to the referral system.

“An unauthorized outsider may have had access to a cloud storage system that contained personal information‘ the company wrote in a communication to customers. Wired US viewed examples of notifications sent to businesses and individual customers. “As soon as the company became aware of the situation, a response plan was initiated and a number of immediate actions were completed, including working with independent legal counsel to initiate a forensic audit by Dell Secureworks. The audit found no evidence that the unauthorized party improperly used or distributed data“.

Sequoia One is a Peo (professional employer organisation) which provides outsourced HR and payroll services. The company is much appreciated by startups because it streamlines the process of managing and awarding key programs for compensation, benefits and equity. Sequoia One reports currently working with over five hundred venture capital-backed clients. When Wired US asked Sequoia about the number of people who risk having their data exposed and how many were offered free identity protection services, Kristin Schaeffer, the vice president of public relations at communications firm Amf Media Group, declined to comment on behalf of the company: “At this time our attention and communications are directed only to our customers”.