Framework Computer discloses a data breach exposing customer information, highlighting the risks associated with phishing attacks.
Framework Computer exposed a data breach, unveiling personal information compromised in a phishing attack on its accounting service provider, Keating Consulting Group. The breach, triggered when a threat actor impersonated Framework’s CEO, came to light on January 11th. In response to an email sent on January 9th at 4:27 am PST, the attacker, posing as the CEO, requested Accounts Receivable information from a Keating Consulting accountant. Succumbing to the impersonation, the accountant responded at 8:13 am PST on January 11th, unknowingly sharing a spreadsheet containing details like Full Name, Email Address, and Balance Owed.
The compromised data primarily consisted of a subset of open pre-orders, alongside completed past orders with pending accounting syncs. Framework’s Head of Finance acted promptly, informing Keating Consulting’s leadership approximately 29 minutes after the accountant’s response at 8:42 am PST on January 11th. Subsequently, the company initiated an investigation to pinpoint affected customers. In an effort to mitigate the impact, Framework notified these individuals via email as part of its comprehensive response strategy to address the security breach.
This incident underscores the persistent threat of phishing attacks, prompting Framework to reinforce its security measures. The company’s disclosure and response reflect a commitment to transparency and an active effort to protect the impacted customers in the aftermath of this security breach.
Notification to Affected Customers
Exposed customer data, including names, emails, and balances, poses a risk for phishing attacks, enabling impersonation for payment details or redirecting to malicious sites. The company solely uses ‘support@frame.work’ for legitimate emails and never requests payment information via email. Customers are urged to report suspicious emails promptly.
Framework responds to the breach with mandatory phishing training for Keating Consulting employees with access to customer information. Audits cover operating procedures and training for these employees, as well as other consultants with historical access to customer data. A Framework spokesperson is currently unavailable for comment on the number of affected customers.
Story credit
Related stories:
