U.S. laptop maker Framework has disclosed that hackers gained access to customer data through a phishing attack on an employee at its accounting service provider. The breach has raised concerns about the security of personal information related to outstanding balances for Framework purchases.
Key Takeaway
Framework has confirmed a data breach resulting from a phishing attack on its accounting partner, exposing customer information. The incident underscores the importance of robust cybersecurity measures and employee training to mitigate the risk of social engineering attacks.
Details of the Breach
In an email sent to affected customers, Framework revealed that an employee at its primary external accounting partner, Keating Consulting, was targeted in a social engineering attack. This allowed unauthorized individuals to obtain customers’ personal information, including full names, email addresses, and balances owed.
In the phishing incident, the attacker impersonated the CEO of Framework and requested Accounts Receivable information. The targeted employee responded to the email, inadvertently providing the attacker with a spreadsheet containing sensitive customer data.
Response and Measures Taken
Framework has taken immediate steps to address the breach, including mandatory phishing and social engineering attack training for employees with access to customer information. The company is also conducting audits of the training and standard operating procedures of all accounting and finance consultants who have had access to customer data.
Implications and Concerns
With the stolen information, hackers could impersonate Framework to obtain payment details from customers. The company has sent notifications to affected customers, but it has not disclosed the exact number of individuals impacted.