Framework Computer announced the discovery of a data breach that exposed the private data of an unspecified number of its clients following a phishing attack on Keating Consulting Group, the company’s accounting service provider.
The California-based company, which makes modular and upgradeable laptops, says that on January 11 a threat actor posing as Framework’s CEO tricked an accountant at Keating Consulting into handing over a spreadsheet containing personally identifiable information (PII) of customers “associated with outstanding balances for Framework purchases.” This type of attack is commonly known as CEO fraud.
The affected individuals received notification letters about the data breach, reading:
On January 9th, at 4:27am PST, the attacker sent an email to the accountant impersonating our CEO asking for Accounts Receivable information pertaining to outstanding balances for Framework purchases.
Framework data breach notification letter
The accountant responded to the attackers on January 11th and provided them with the requested spreadsheet, which included information such as:
- Full names;
- Email addresses;
- Balance owed.
The list was primarily of a subset of open pre-orders, but some completed past orders with pending accounting syncs were included in the list too.
About 29 minutes after the external accountant responded to the attackers’ emails, Framework claims that its Head of Finance informed Keating Consulting’s leadership about the incident.
In a follow-up investigation, the company identified every customer whose information was exposed in the attack and emailed them to notify them of the incident.
Customers Were Warned About the Risks of Phishing
The names, email addresses, and outstanding balances in the exposed data could be used in targeted phishing attacks that impersonate the company, request payment information, or direct victims to malicious websites designed to harvest even more sensitive data.
Framework also stated that it never requests payment information via email; the only payment-related emails it sends come from ‘support@frame.work’ and ask customers to update their information when a payment fails. Customers are advised to report any suspicious emails they receive to the company’s support staff.
Framework states that phishing and social engineering attack training will now be mandatory for all Keating Consulting staff members who have access to Framework customer data.