Venture capital firm Advanced Technology Ventures has been struck by a ransomware attack that has resulted in the theft of personal information relating to its investors.

The firm disclosed the ransomware attack in a letter sent to the Maine Attorney General’s Office. The ransomware attack is said to have taken place on July 9 and is first described in the letter as anomalous activity on servers that stored financial reporting information. The letter goes on to say that ATV soon determined that its servers had been encrypted by a ransomware attack.

On July 26, ATV then learned that data had been stolen from their servers. The stolen information includes names, email addresses, phone numbers and Social Security Numbers of individual investors in company funds.

“We are not at this time aware of any fraud or misuse of information as a result of this incident,” ATV added in the letter. An estimated 300 investors were affected by the incident.

Ticking off the standard list of ransomware responses, ATV said that it had launched an internal investigation, hired a third-party forensic investigation firm and informed the U.S. Federal Bureau of Investigation. Two years of complimentary identity protection services is also being offered to investors who had their information stolen.

The form of the ransomware and the price of the ransom demand was not disclosed.

According to Crunchbase, ATV focuses on investing in information and communications technology, infrastructure, consumer technology, bio-pharmaceuticals and the medical industry. In this case, they may have been better investing in cybersecurity startups.

“Unfortunately, ransomware attacks have become all too familiar, and the attack on Advanced Technology Ventures is a prime example that no company or organization is safe,” James Carder, chief security officer of security intelligence firm LogRhythm Inc. told SiliconANGLE. “The personal information, including names, email addresses and Social Security numbers of some of the company’s private investors and partners are now at risk of being leaked online. This is information that is typically classified for venture capital firms, as companies try to keep a competitive advantage through secrecy of investors and funding.”

Ilia Kolochenko, founder, chief executive officer and chief architect at pentesting company ImmuniWeb Inc. noted that “venture funds are low-hanging fruit for smart cybercriminals who aptly exploit this weakest link of the supply chain.”

“Prominent startups and even leading technology companies share a great wealth of highly confidential data with VCs, spanning from their financial performance or per-client spending to intellectual property and trade secrets,” Kolochenko explained. “Very few VCs can afford a cyber-defense program comparable to the banking industry for example. The human factor also plays a decisive role, while the high turnover of junior analysts and interns exacerbate the risk of successful phishing and social engineering attacks.”

Image: Advanced Technology Ventures