IdeaLab confirms data stolen in ransomware attack last year

IdeaLab is notifying individuals impacted by a data breach incident last October when hackers accessed sensitive information.

Although the organization does not describe the type of attack, the Hunters International ransomware group has claimed the breach and leaked the stolen data on the dark web.

IdeaLab is a California-based technology startup incubator that since 1996 has launched over 150 companies, including GoTo.com, CitySeach, eToys, Authy, Pet.net, Heliogen, and Energy Vault.

Being one of the longest-running and influential venture capital firms in the U.S., the company has generated considerable economic impact, job creation, and investment value.

On October 7, 2024, IdeaLab detected suspicious activity on its network. Upon investigation, it was determined that threat actors had gained unauthorized access to its systems three days earlier.

The company contracted third-party services to help with the investigation, which finished on June 26 this year.

The results confirmed that data had been stolen from its systems, impacting current and former employees, current and former support service contractors, and their dependents.

In the sample notification shared with authorities, IdeaLab did not describe all the information exposed in the incident, saying only that the hackers accessed only names in combination with various other types of data.

On October 23, 2024, likely after a failed extortion attempt, Hunters International disclosed the data stolen from IdeaLab.

The leak contains 137,000 files totaling 262.8 GB in size. At the time of writing, the download link no longer works, but it’s very likely that multiple threat actors downloaded the files earlier.

Earlier today, the threat actor announced that they’re shutting down Hunters International and deleted all company entries and files from its extortion portal. The hackers offered to share free decryption keys for all their victims.

However, this may be part of a rebrand attempt, as researchers at cybersecurity company Group-IB in April said the threat actor launched a new, extortion-only operation called World Leaks.

To protect against the risks that arise from this incident, the notification recipients are offered free-of-charge coverage for a 24-month credit protection, identity theft, and dark web monitoring services through IDX. Impacted individuals are given until October 1 to enroll.