StepStone Group is aware that from time to time, external threat actors attempt to impersonate StepStone or its personnel, including through fraudulent websites, fake mobile applications, unauthorized social media profiles, and unsolicited outreach via online chat groups or messaging platforms. 

Staying safe 

StepStone will only communicate with investors and clients through authorized representatives. You should only trust communications from your designated contacts at StepStone. If you are uncertain whether a communication is genuine, do not act on it and verify directly with your StepStone representative using contact details previously provided to you. 

StepStone will never request the transfer of funds, sensitive personal information, or investment decisions through social media or messaging applications such as LinkedIn, WhatsApp and Line. StepStone does not have a mobile application. 

StepStone personnel’s direct contacts are largely with institutional investors. Outreach to retail investors is conducted predominantly via third party financial advisors working with individuals. As a result, if you are an individual investor, you should be wary of communications from people purporting to be StepStone personnel. 

Reporting fraudulent activity 

If you believe you have encountered fraudulent activity involving the impersonation of StepStone, or if you have any questions regarding the authenticity of a communication, please contact us at investorsecurity@stepstonegroup.com. Please include any relevant details, such as screenshots, links, or correspondence, to assist our investigation. StepStone will take all reports seriously and endeavor to address the fraudulent activity with local authorities and security partners, as appropriate. 

We also encourage you to report the matter to the relevant authorities in your jurisdiction. 

Recent fraudulent activity (as of June 2026) 

StepStone is aware of persons fraudulently purporting to be StepStone personnel reaching out to individuals via LinkedIn and Line, and in some cases directing such individuals to a fraudulent StepStone website utilizing images of StepStone personnel.  

This activity appears to be targeting individuals in Japan and Germany, in particular.  

If you believe you may have received such fraudulent communications, please report the matter to the authorities as well as the relevant platform (WhatsApp, etc.) 

Responsible vulnerability disclosure 

If you believe you have identified a potential security vulnerability with any StepStone digital systems and wish to make a responsible disclosure, please e-mail us at investorsecurity@stepstonegroup.com in accordance with the following guidelines: 

  • Provide a technical description of the vulnerability, if possible. 
  • Provide a list and description of the affected systems. 
  • Provide the steps required to reproduce the issue. 
  • Do not engage in any activity that can cause harm to StepStone systems, violates applicable laws or regulations, or remove, compromise or destroy StepStone data. 

Resolution and contact 

StepStone endeavors to investigate and resolve reported vulnerabilities in a timely manner. Where we require additional information to investigate or reproduce a reported issue, we will reach out to the disclosing party directly.