California-based tech incubator IdeaLab has formally confirmed that sensitive data was stolen during a ransomware attack discovered in October 2024. The breach, now attributed to the Hunters International ransomware group, compromised information belonging to employees, contractors, and their dependents.
The company, known for launching over 150 startups since its founding in 1996—including GoTo.com, Authy, and Energy Vault—detected unauthorized activity on October 7, 2024. A forensic investigation revealed that attackers had accessed the network three days earlier, on October 4.
“We determined that certain systems were accessed without authorization, and some data was removed,” IdeaLab said in a notification to affected individuals.
While the company has not confirmed the nature of the cyberattack, Hunters International publicly claimed responsibility on October 23, leaking 137,000 files totaling over 262 GB on the dark web. The leaked data likely includes names combined with other sensitive identifiers, although the full scope was not disclosed in official notifications.
A Long-Running Investigation Reveals Widespread Exposure
IdeaLab brought in third-party cybersecurity firms to investigate and assess the breach’s impact. The review concluded on June 26, 2025, confirming that the data exfiltration affected:
- Current and former full-time employees
- Support service contractors
- Family members and dependents of those individuals
Although the download link for the stolen data has since gone offline, it’s highly probable that multiple cybercriminals accessed the files before removal.
Adding to the complexity, the Hunters International ransomware gang appears to have shut down their extortion portal and announced the end of operations just as IdeaLab went public with the breach. They claimed they would release free decryption keys for all victims.
However, researchers at Group-IB suggest this move may signal a rebranding effort. Back in April, Group-IB identified a shift by the same actors toward a new platform called World Leaks, focusing solely on extortion without encryption.
Credit Protection Offered, but Risks Remain
IdeaLab is now offering 24 months of credit monitoring, identity theft protection, and dark web monitoring through IDX. Impacted individuals have until October 1 to enroll.
This breach is the latest example of how ransomware groups continue to target not just large enterprises, but influential firms with rich datasets—even those outside traditional critical infrastructure. Given IdeaLab’s legacy in venture capital and startup incubation, the data exposure could have broader implications in both financial and innovation sectors.
For organizations navigating ransomware fallout, swift recovery is critical. When cyberattacks hit systems with sensitive data, having a secure, air-gapped backup becomes essential to avoid irreversible loss.
Looking for a trusted recovery solution?
Defend your organization with StoneFly DR365—an air-gapped, immutable backup and recovery appliance trusted by enterprises to ensure zero data loss even in the event of complex cyberattacks.
