US repairable laptop maker Framework has confirmed that hackers accessed customer data after successfully phishing an employee at its accounting services provider.
In an email sent to affected customers, Framework said an employee at Keating Consulting, its primary external accounting partner, was the victim of a social engineering attack that allowed malicious hackers to obtain personal customer information about outstanding balances for Framework purchases.
San Francisco-based Framework was founded in late 2019 by former Apple and Oculus engineer Nirav Patel. The company, which raised $18 million in Series A funding led by Oculus backer Spark Capital in 2022, is positioning itself as a champion of the right-to-repair movement, and its devices — like the Framework Laptop 16 — are designed to be easy to repair with spare parts.
“On January 9, at 4:27 a.m. PST, the attacker sent an email to the accountant, posing as our CEO, requesting accounts receivable information related to outstanding balances for Framework purchases,” Framework said in the notification, which the company has not yet communicated publicly but which was posted by a customer on the company’s forums.
The alert said the accountant responded to that email on Jan. 11, providing the attacker with a spreadsheet containing customer information, including names, email addresses and debts. Framework told affected customers that hackers could use this stolen information to impersonate Framework to request payment information.
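The exchange described above is a classic executive-impersonation request: a message carrying a senior officer's name asks a finance contact to hand over an accounts receivable export. The following is an added illustration of the kind of inbound-mail check a defender can run before such a request reaches a person; it is not code from Framework, Keating Consulting or TechCrunch, and the page does not say how the attacker's message was constructed. The organization domain, the executive name, the `Authentication-Results` header format and the sample messages are all constructed assumptions.

```python
"""Flag inbound mail that borrows an executive's display name.

Added illustration for the incident described above; not Framework's or
Keating's code. The domain, executive name and sample messages are
constructed assumptions, not data from the breach.
"""
from email.utils import parseaddr

# Constructed assumptions: the organization's own mail domain and the
# display names of executives whose identity a requester might borrow.
ORG_DOMAIN = "example.com"
EXECUTIVE_NAMES = {"jane doe"}  # hypothetical CEO display name


def _domain(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def check_message(headers: dict) -> list[str]:
    """Return the reasons a message looks like executive impersonation.

    An empty list means no indicator fired. Three defensive heuristics:
      1. the display name matches an executive but the address is not on
         ORG_DOMAIN (lookalike or free-mail sender);
      2. Reply-To points at a different mailbox than From;
      3. From claims ORG_DOMAIN but the (assumed) Authentication-Results
         header does not record a DMARC pass.
    """
    reasons = []
    name, addr = parseaddr(headers.get("From", ""))
    from_dom = _domain(addr)

    if name.strip().lower() in EXECUTIVE_NAMES and from_dom != ORG_DOMAIN:
        reasons.append(
            f"display name '{name}' matches an executive but the address "
            f"domain is '{from_dom}'"
        )

    _, reply_addr = parseaddr(headers.get("Reply-To", ""))
    if reply_addr and reply_addr.lower() != addr.lower():
        reasons.append(f"Reply-To '{reply_addr}' differs from From '{addr}'")

    auth = headers.get("Authentication-Results", "").lower()
    if from_dom == ORG_DOMAIN and "dmarc=pass" not in auth:
        reasons.append("From claims the org domain but DMARC did not pass")

    return reasons


# Constructed sample messages (not messages from the incident).
SAMPLES = {
    "lookalike": {
        "From": "Jane Doe <jane.doe@example-corp.co>",
        "Subject": "Accounts receivable - outstanding balances",
        "Authentication-Results": "dmarc=pass header.from=example-corp.co",
    },
    "reply_to_swap": {
        "From": "Jane Doe <jane.doe@example.com>",
        "Reply-To": "jane.doe.ceo@freemail.invalid",
        "Authentication-Results": "dmarc=fail header.from=example.com",
    },
    "legitimate": {
        "From": "Jane Doe <jane.doe@example.com>",
        "Authentication-Results": "dmarc=pass header.from=example.com",
    },
}


def scan(samples: dict = SAMPLES) -> dict:
    """Run check_message over every sample and map label -> reasons."""
    return {label: check_message(hdrs) for label, hdrs in samples.items()}


if __name__ == "__main__":
    for label, reasons in scan().items():
        print(label, "->", reasons or ["no indicator"])
```

A hit from any of these checks is a reason to route the message for out-of-band verification (a phone call to the named executive on a known number) rather than to answer it; the heuristics do not replace DMARC enforcement at the gateway, and a sender who controls a lookalike domain with valid DMARC will only trip the display-name check, which is why the human verification step still matters.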
“Please note that this list was primarily a subset of open pre-orders, but some completed orders with pending accounting syncs were also included in this list,” Framework said.
It is not yet known if any of Keating’s other clients were also affected. The Silicon Valley-based accounting firm, which primarily provides interim financial leadership and back-office support to startups, has nearly 300 clients, according to its website. These include online pharmacy GoodRx (which was recently fined $1.5 million for sharing user health data with Facebook and Google), computational chemistry platform Molecule.com, and corporate learning business Udemy.
Keating has yet to respond to TechCrunch’s questions or publicly share any information about the breach.
Framework said that in light of the Keating incident, the company will require mandatory phishing and social engineering training for any of the company’s employees who have access to Framework’s customer information. “We are additionally reviewing the trainings and standard operating procedures of all other accounting and financial advisors who currently or previously had access to customer information,” the computer maker added.
Framework added that it has sent notifications to all affected customers, but has not yet said how many of its customers are affected. Framework did not immediately respond to TechCrunch’s questions.