U.S. modular laptop manufacturer Framework Computer had information from an undisclosed number of customers compromised following a successful phishing attack against its third-party accounting service provider Keating Consulting Group, according to BleepingComputer.
Threat actors on Jan. 9 sent an email purporting to be from Framework's CEO requesting accounts receivable details related to outstanding balances on laptop purchases from a Keating Consulting accountant, who provided a list with customers' full names, email addresses, and balances owed two days later, said Framework in data breach notification letters sent to individuals impacted by the incident.
"Note that this list was primarily of a subset of open pre-orders, but some completed past orders with pending accounting syncs were also included in this list," said Framework, which urged customers to be vigilant of potential phishing attacks resulting from the breach.
Such an incident has already prompted Framework to require social engineering and phishing attack training for all Keating Consulting employees handling its customer data, as well as audit the accounting firm's standard operating procedures for information requests.