Breaking: Framework Reveals Massive Data Breach Following Accountant’s Phishing Attack

Imagine you’re a business owner, and one day you receive an email from your CEO requesting some important financial information. It looks legitimate, so you provide the requested data, only to find out later that it was a phishing attack. That’s exactly what happened to Keating Consulting Group, an accounting service provider for Framework Computer, a California-based manufacturer of upgradeable and modular laptops.

On January 11, an accountant from Keating Consulting was tricked by a threat actor impersonating Framework’s CEO into sharing a spreadsheet containing customers’ personally identifiable information (PII) “associated with outstanding balances for Framework purchases.” This data breach has exposed the personal information of an undisclosed number of customers, putting them at risk of further cyberattacks.

How the Phishing Attack Unfolded

According to data breach notification letters sent to affected individuals, the attacker sent an email to the accountant impersonating Framework’s CEO on January 9th, requesting information pertaining to outstanding balances for Framework purchases. The accountant responded on January 11th, providing a spreadsheet with customers’ full names, email addresses, and outstanding balances.

Framework’s Head of Finance notified Keating Consulting’s leadership of the attack once he became aware of the breach, approximately 29 minutes after the accountant replied to the attacker’s emails. As part of the subsequent investigation, the company identified all customers whose information was exposed in the attack and notified them of the incident via email.

Warning to Affected Customers: Watch Out for Phishing Risks

Since the exposed data includes the names of customers, their email addresses, and their outstanding balances, it could potentially be used in phishing attacks that impersonate the company to request payment information or redirect to malicious websites designed to gather even more sensitive information from those impacted.

Framework has emphasized that it only sends emails from ‘support@frame.work’ asking customers to update their information when a payment has failed and it never asks for payment information via email. Customers are urged to contact the company’s support team about any suspicious emails they receive.

Preventing Future Attacks: Mandatory Phishing and Social Engineering Training

To address the situation and prevent future incidents, all Keating Consulting employees with access to Framework customer information will now be required to have mandatory phishing and social engineering attack training. Additionally, Framework is auditing their standard operating procedures around information requests and the trainings and standard operating procedures of all other accounting and finance consultants who currently or previously have had access to customer information.

While the number of affected customers in the data breach has not been disclosed, this incident serves as a stark reminder of the importance of being vigilant when it comes to phishing attacks and the need for ongoing cybersecurity education and training.

So, what can you do to protect yourself and your business from falling victim to similar attacks? Stay informed, keep your cybersecurity measures up to date, and don’t hesitate to reach out to us for expert advice and support. And most importantly, always be cautious when dealing with sensitive information, especially when it comes to email correspondence. Your security is our top priority.