Framework says hackers accessed customer data after phishing attack on accounting partner
U.S. repairable laptop maker Framework has confirmed that hackers accessed customer data after successfully phishing an employee at its accounting service provider.
In an email sent to affected customers, Framework said that an employee at Keating Consulting, its primary external accounting partner, fell victim to a social engineering attack that allowed malicious hackers to obtain customers’ personal information related to outstanding balances for Framework purchases.
The San Francisco-based Framework was founded in late 2019 by former Apple and Oculus engineer Nirav Patel. The company, which raised $18 million in Series A funding led by Oculus backer Spark Capital in 2022, positions itself as a proponent of the right-to-repair movement, and its devices — such as its Framework Laptop 16 — are designed to be easy to fix with replaceable parts.
“On January 9th, at 4:27am PST, the attacker sent an email to the accountant impersonating our CEO asking for Accounts Receivable information pertaining to outstanding balances for Framework purchases,” Framework said in its notification, which the company has not yet shared publicly but was posted by a customer on the company’s forums.
The notification said the accountant responded to this email on January 11, providing the attacker with a spreadsheet containing customer information, including full names, email addresses and balances owed. Framework told affected customers that hackers could use this stolen information to impersonate Framework to ask for payment information.
“Note that this list was primarily of a subset of open pre-orders, but some completed past orders with pending accounting syncs were also included in this list,” Framework said.
It’s not yet known if any of Keating’s other clients were also affected. The Silicon Valley-based accounting company, which primarily provides interim financial leadership and back-office support to startups, has almost 300 clients, according to its website. These include online pharmacy GoodRx (which was recently fined $1.5 million for sharing users’ health data with Facebook and Google), computational chemistry platform Molecule.com and corporate learning business Udemy.
Keating has not yet responded to TechCrunch’s questions nor shared any information publicly about its breach.
Framework said that in light of the incident at Keating, the company will require mandatory phishing and social engineering attack training for any of the company’s employees who have access to Framework customers’ information. “We are additionally auditing the trainings and standard operating procedures of all other accounting and finance consultants who currently or previously have had access to customer information,” the computer maker added.
Framework added that it sent notifications to all impacted customers, but has not yet said how many of its customers are affected. Framework did not immediately respond to TechCrunch’s questions.
Do you have any more information about this incident? You can contact Carly Page securely on Signal at +441536 853968 or by email at carly.page@techcrunch.com. You can also contact TechCrunch via SecureDrop.