I'm Karri the Linear CEO who is involved in this. I posted this on Twitter but several points in this post are not true:
On Friday we had an internal policy violation that affected three companies.
- I have 7 Linear investors now confirming they were contacted with the same solicitation in the past months. I have screenshots. So the violations (so far) stopped on Friday, but started months ago.
- I have heard from close to 10 companies who had this happen to them months or years ago.
- They also did not answer my request of sharing how many of our investors were affected and also hasn’t tried to make any amends during this whole time
- The issue is not resolved. This blog post or Henry never gave me any concrete information, actions, or promised this wouldn’t happen again.
- At this point, as I haven’t received any assurances that this is not the case, I have to assume our cap table and other information has been free for all within Carta entities to be used however they can, at least months, maybe the past 4 years with no real controls in place.
I'd compare this to security incident. I've told them and expect them to do a full investigation and a post-mortem what data has been exposed, who was affected, how it was possible and what will be done in the future to prevent it.
- I have heard from close to 10 companies who had this happen to them months or years ago.
- They also did not answer my request of sharing how many of our investors were affected and also hasn’t tried to make any amends during this whole time
- The issue is not resolved. This blog post or Henry never gave me any concrete information, actions, or promised this wouldn’t happen again.
- At this point, as I haven’t received any assurances that this is not the case, I have to assume our cap table and other information has been free for all within Carta entities to be used however they can, at least months, maybe the past 4 years with no real controls in place.
I'd compare this to security incident. I've told them and expect them to do a full investigation and a post-mortem what data has been exposed, who was affected, how it was possible and what will be done in the future to prevent it.