Framework Suffers Data Breach After Phishing Attack on Accounting Partner
Framework Computer disclosed a data breach in which hackers accessed the personal information of an unspecified number of customers, following a phishing attack on its accounting service provider.
The US-based laptop maker, known for user-upgradable and repairable devices, revealed in an email to affected customers that an accountant at its external vendor, Keating Consulting, fell victim to a social engineering attack.
“On January 9th, at 4:27 am PST, the attacker sent an email to the accountant impersonating our CEO asking for Accounts Receivable information pertaining to outstanding balances for Framework purchases,” the email read.
On January 11, deceived by the email, the employee shared with the hacker a spreadsheet containing customer information such as full name, email address, and balance owed. “Note that this list was primarily of a subset of open pre-orders, but some completed past orders with pending accounting syncs were also included in this list.”
Framework went on to say that its Head of Finance was notified of the breach approximately 29 minutes after the accountant replied to the seemingly legitimate email. Keating Consulting was subsequently informed of the incident, and an investigation led Framework to identify the impacted customers and notify them of the data breach via email.
The company also announced mitigation measures intended to prevent similar incidents in the future. In addition to auditing Keating’s “standard operating procedures around information requests,” it will provide mandatory social engineering and phishing attack training to all employees who have access to customer information.
Furthermore, it warned customers that hackers can use their stolen information for nefarious purposes, for instance by impersonating Framework to commit financial fraud.
It also informed customers that emails from the company are only sent from ‘support@frame.work’ and that it never requests payment information over email. “We will only provide an ‘Action Required’ email when an official payment capture fails, which includes a link to the Framework website to update payment information to enable final payment capture,” Framework stated.