Framework Confirms Data Breach, Cites Phishing Attack on Employee
In a recent email sent to affected customers, Framework, the US-based laptop maker known for its commitment to repairability and sustainability, has confirmed that hackers accessed customer data after successfully phishing an employee at its accounting service provider. The incident highlights the importance of robust cybersecurity measures in protecting sensitive information.
Attack on Accounting Service Provider
According to Framework’s notification, a social engineering attack was carried out against Keating Consulting, its primary external accounting partner. An employee at Keating fell victim to the phishing attempt, which allowed malicious hackers to obtain customers’ personal information related to outstanding balances for Framework purchases. The notification stated:
"On January 9th, at 4:27am PST, the attacker sent an email to the accountant impersonating our CEO asking for Accounts Receivable information pertaining to outstanding balances for Framework purchases."
Stolen Customer Information
The affected customers’ personal data included full names, email addresses, and balances owed. Framework warned that hackers could use this stolen information to impersonate the company and ask for payment information. The notification also noted:
"Note that this list was primarily of a subset of open pre-orders, but some completed past orders with pending accounting syncs were also included in this list."
Potential Impact on Other Clients
It is currently unclear whether other clients of Keating Consulting were affected by the breach. Keating has almost 300 clients, including prominent companies such as GoodRx, Molecule.com, and Udemy.
Keating’s Response
When reached for comment, Keating Consulting had not yet responded to TechCrunch’s questions or shared any information publicly about the breach.
Framework’s Response and Next Steps
In light of the incident at Keating, Framework has announced that it will require mandatory phishing and social engineering attack training for employees who have access to customer information. Additionally, the company will be auditing the trainings and standard operating procedures of all other accounting and finance consultants who currently or previously had access to customer information.
Framework stated:
"We are additionally auditing the trainings and standard operating procedures of all other accounting and finance consultants who currently or previously have had access to customer information."
Notification to Affected Customers
Framework has sent notifications to all impacted customers, but the company has not yet disclosed the number of affected individuals. Framework has assured its customers that it is taking immediate action to prevent similar incidents in the future.
Cybersecurity Best Practices
This incident serves as a reminder of the importance of robust cybersecurity measures and employee training in protecting sensitive information. Organizations must prioritize cybersecurity awareness, implement multi-factor authentication, and regularly update software and systems to prevent such breaches.
Contacting TechCrunch
If you have any further information about this incident or would like to share your experience with us, please contact Carly Page securely on Signal at +441536 853968 or by email at carly.page@techcrunch.com. You can also reach out to TechCrunch via SecureDrop.
Update
We will continue to monitor the situation and provide updates as more information becomes available.