I have knowledge of some pretty sophisticated phishing tests run at a large organization.<p>The click rate for links in those emails is shockingly high.<p>If you have a sophisticated attacker using spear fishing using company information then it's even more effective.<p>"Hey, [coworker X] told me I should send you our latest policy document for [project Y], here's the link"
There has been another hacking event targetting sequoia which has been deliberately kept secret. This data breach happened at a leading Indian law firm which is ironically abbreviated NDA (Nishith Desai Associates) and which Sequoia has used for structuring its funds, esp the Indian ones. This data breach was facilated by disgruntled employees of NDA and the leaked data has also made it to the law enforcement agencies. The leaked documents contain information about the super secret shell entities of Sequoia and other VC funds in tax haven jurisdictions such as Cayman Islands and Mauritius.
Not to throw shade on Sequoia, but the statement "We recently experienced a cybersecurity incident" reminds me of Euphemisms by George Carlin (<a href="https://youtu.be/vuEQixrBKCc" rel="nofollow">https://youtu.be/vuEQixrBKCc</a>)