Framework has been busy emailing customers whose data has been leaked due to a recent phishing attack (h/t Computer Base). Personal Identifiable Information (PII) of Framework customers with outstanding balances for device purchases was shared by the firm’s primary external accounting partner, which fell victim to a phishing attack. Customers named in the leaked spreadsheets will receive the email reproduced in full at the above link. However, we are relieved to note that the leaked PII is claimed to consist solely of the following details: full name, email address, and the balance owed.
The well-regarded modular laptop maker has made the human errors behind the data leak and its full scope very clear. To ensure customers are fully informed, Framework has provided an incident timeline, discusses what has been done to resolve the issue, says how it will avoid any similar goofs in the future, and advises customers who were named in the leaked data.
Framework's data leak should provide another cautionary tale regarding cunning phishing attacks. According to the email shared on the Framework community forum, the firm's primary external accounting partner received an email that they thought was from the Framework CEO on January 9, 2024. Social engineering tactics were used to obtain a spreadsheet that contained customer information. Luckily, the scope of the information was quite limited (as noted in the intro), with no passwords, payment methods, or other potentially sensitive data.
According to its customer communications, Framework's reaction to the leak was pretty rapid. Within half an hour of the accountant responding to the attacker (on January 11), Framework's Head of Finance was made aware of the breach. He informed the accountancy business of the security error and escalated the incident to Framework leadership. Subsequently, all affected customers were identified and notified with complete details about the leak.
Lessons learned
Importantly, Framework plans to require employees at external consultants and service providers to have phishing and social engineering attack training. Additionally, it will audit the training and operating procedures of such partners.
Because their data was shared with the attackers, customers who received the email mentioned above have been warned that the phishers could potentially try to impersonate Framework to gather sensitive information. Thus, concerned customers should make sure any email that seems to be from Framework has arrived via the support@frame.work email address. Moreover, please remember that Framework will “never request payment information to be sent directly by email.” Customers can confirm the authenticity of any Framework communication via the customer support portal if in doubt.
Last but not least, as well as being pleasantly transparent about the phishing incident, Framework has apologized to all customers affected.
