The attackers sent a letter to the accountant on behalf of the general director of Framework – with a request to send information about customer debt.
Framework, an American manufacturer of modular laptops, has confirmed that hackers gained access to customer data as a result of a phishing attack on an employee of its accounting services provider Keating Consulting.
“On January 9th, an attacker sent an email to an accountant, posing as our CEO, asking for information about arrears from Framework’s purchases,” Framework said in a statement.
The company says the accountant responded to the Jan. 11 letter and sent a spreadsheet with customer information — including full names, email addresses and amounts owed. Framework has already notified affected customers that hackers could use this information to impersonate the company and request payment information.
“Please note that this list primarily included a subset of open pre-orders, but some completed pre-orders with pending account synchronization were also included in this list,” Framework said.
It is not yet known if any of Keating Consulting’s other clients have been affected. The Silicon Valley accounting firm, which primarily provides interim financial management and back-office support for startups, has about 300 clients. These include online pharmacy GoodRx (recently fined $1.5 million for sharing health data of Facebook and Google users), computational chemistry platform Molecule.com, and corporate training business Udemy.
Framework also said it will require mandatory anti-phishing training for all company employees who have access to Framework customer information.
“We are additionally reviewing the training and standard operating procedures of all other accounting and financial advisors who currently or previously had access to customer information,” the computer maker added.
San Francisco-based Framework was founded in late 2019 by former Apple and Oculus engineer Nirav Patel. In 2022, the company raised $18 million in Series A funding led by Oculus-backed Spark Capital. Framework positions itself as a supporter of the “right to repair” and all of its devices, such as the Framework 16 laptop, are designed to be easily repaired with replacement parts.
Source: TechCrunch
