Framework Says Customer Data Stolen in Third-Party Breach 🤔

Hi All,

 

As per the title, and here is the article:

 

https://www.securityweek.com/laptop-maker-framework-says-customer-data-stolen-in-third-party-breach/

 

The first few paragraphs give the story:


 

Quote

 

Laptop computer maker Framework is notifying users that personal information was stolen in a data breach at its primary external accounting partner.

 

The California-based company said the incident occurred on Thursday, January 11, and was the result of a phishing attack targeting an employee at Keating Consulting.

 

According to the notification that Framework sent to the impacted individuals, a copy of which was shared by the company with SecurityWeek, the phishing email was received on January 9.

 

Impersonating the Framework CEO, the attackers requested Keating Consulting’s employee to provide “accounts receivable information pertaining to outstanding balances for Framework purchases.”

 

 

Rather a shame, but it seems more and more likely that it's when companies are breached, not if 🤔

 

Kind Regards

 

Simon Zerafa

 


Summary

Laptop manufacturer Framework Computer, Inc. has privately informed affected customers that their data was compromised in a third-party data breach.
An employee at an external accounting partner, Keating Consulting Group, inadvertently shared customer information with attackers who exploited a phishing email.

The breach apparently only affects people associated with outstanding balances for Framework purchases.
However, it's worth noting that, according to some Framework forum members, they have received the compromise notification emails even if their last purchase was fully paid and fulfilled more than two years ago.

 

Quotes:

Quote

Framework Computer disclosed a data breach exposing the personal information of an undisclosed number of customers after Keating Consulting Group, its accounting service provider, fell victim to a phishing attack.

 

The California-based manufacturer of upgradeable and modular laptops says a Keating Consulting accountant was tricked on January 11 by a threat actor impersonating Framework's CEO into sharing a spreadsheet containing customers' personally identifiable information (PII) "associated with outstanding balances for Framework purchases."

-- www.bleepingcomputer.com article

 

Quote

What happened?

On January 9th, at 4:27am PST, the attacker sent an email to the accountant impersonating our CEO asking for Accounts Receivable information pertaining to outstanding balances for Framework purchases.

On January 11th at 8:13am PST, the accountant responded to the attacker and provided a spreadsheet with the following information:

  • Full Name
  • Email Address
  • Balance Owed

Note that this list was primarily of a subset of open pre-orders, but some completed past orders with pending accounting syncs were also included in this list.

 

What was done to resolve the issue?

29 minutes after the external accounting consultant had responded to the attacker (8:42am PST on January 11th, 2024), Framework’s Head of Finance was made aware of the breach. At that point, he informed Keating Consulting leadership of their error, and escalated the incident to Framework leadership for immediate review and handling.

Upon escalation, we identified all impacted customers to enable mass-notification of the breach (this email).

 

What steps have you taken to ensure this doesn’t happen in the future?

We’ve informed Keating Consulting of this breach and attack vector and will be requiring mandatory phishing and social engineering attack training for any of their employees who have access to customer information. We are also auditing their standard operating procedures around information requests. We are additionally auditing the trainings and standard operating procedures of all other accounting and finance consultants who currently or previously have had access to customer information.

-- community.frame.work, posted by a forum member

 

 

My thoughts
While Framework has taken immediate measures to address the situation, such as notifying affected individuals and warning them about potential phishing e-mails they might receive, as well as implementing mandatory phishing training for employees with access to customer information... No public official statement has been issued yet (that I'm aware of, please correct me if I am wrong).
I've seen some people commending them for their transparent approach to this issue; however, it seems* to me they just did what the law required them to do.

* I am not a legal professional, and I am not a resident of California or the USA.
 

Sources
https://www.bleepingcomputer.com/news/security/framework-discloses-data-breach-after-accountant-gets-phished/
https://community.frame.work/t/framework-data-breach/43408


2 minutes ago, Biohazard777 said:

Summary

Laptop manufacturer Framework Computer, Inc. has privately informed affected customers that their data was compromised in a third-party data breach.
An employee at an external accounting partner, Keating Consulting Group, inadvertently shared customer information with attackers who exploited a phishing email.

The breach apparently only affects people associated with outstanding balances for Framework purchases.
However, it's worth noting that, according to some Framework forum members, they have received the compromise notification emails even if their last purchase was fully paid and fulfilled more than two years ago.

 


This stuff happens so often, I am wondering why it's news anymore.

 


With all of these data breaches occurring, corporations not currently affected should look at their own setup to ensure nothing there is vulnerable to attack, try to break their own systems, and take appropriate measures. That to me is the wise thing to do, or this will keep happening. This should really be a wake-up call for other companies.


20 minutes ago, Godlygamer23 said:

With all of these data breaches occurring, corporations not currently affected should look at their own setup to ensure nothing there is vulnerable to attack, try to break their own systems, and take appropriate measures. That to me is the wise thing to do, or this will keep happening. This should really be a wake-up call for other companies.

Actual corporate: probably won't happen to us, fire 10 people.


3 minutes ago, Murasaki said:

Actual corporate: probably won't happen to us, fire 10 people.

At my workplace, this is unfortunately the attitude sometimes. We are hardly ever proactive, only reactive, which gets us into trouble sometimes. It's one thing to not be proactive towards small issues, but to have that attitude towards larger issues? Totally unacceptable.

 

The idea of preventing issues towards low risk/high cost, and high risk/high cost should be at the forefront, including things that affect others, or that could cascade into something bigger, and it's important that companies evaluate themselves to ensure they're doing everything they can to prevent issues from occurring.


1 hour ago, dilpickle said:

Isn't this the company that Linus invested in?

Yes.


Phishing attacks are getting out of hand. Teachers and administrators at my school get countless emails and countless warnings about what they can do and download and respond to on email yet they still get tricked. 

I don't know any viable way to properly teach people anymore. Some people, frankly, should just not have the internet.

