Copypasta’d from an email from FW:
Keating Consulting, Framework’s primary external accounting partner, brought to our attention at 8:13am PST on January 11th, 2024, that one of their accountants fell victim to a phishing email that utilized social engineering tactics to obtain customer PII (Personally Identifiable Information) associated with outstanding balances for Framework purchases.
If you are receiving this email, we’ve identified that your information was impacted by this breach.
On January 9th, at 4:27am PST, the attacker sent an email to the accountant impersonating our CEO asking for Accounts Receivable information pertaining to outstanding balances for Framework purchases.
On January 11th at 8:13am PST, the accountant responded to the attacker and provided a spreadsheet with the following information:
- Full Name
- Email Address
- Balance Owed
Note that this list was primarily a subset of open pre-orders, but some completed past orders with pending accounting syncs were also included in this list.
What was done to resolve the issue?
29 minutes after the external accounting consultant had responded to the attacker (8:42am PST on January 11th, 2024), Framework’s Head of Finance was made aware of the breach. At that point, he informed Keating Consulting leadership of their error, and escalated the incident to Framework leadership for immediate review and handling.
Upon escalation, we identified all impacted customers to enable mass-notification of the breach (this email).
What steps have you taken to ensure this doesn’t happen in the future?
We’ve informed Keating Consulting of this breach and attack vector and will be requiring mandatory phishing and social engineering attack training for any of their employees who have access to customer information. We are also auditing their standard operating procedures around information requests. We are additionally auditing the trainings and standard operating procedures of all other accounting and finance consultants who currently or previously have had access to customer information.
What steps should I take to protect myself given the notification of this breach?
As the information provided to the attacker includes your name, email address, and outstanding balance, we can assume that they could attempt to impersonate Framework and ask for you to provide payment information or request that you follow a link that will attempt to gather more sensitive information about you or your outstanding balance with Framework.
We will only provide an “Action Required” email when an official payment capture fails, which includes a link to the Framework website to update payment information to enable final payment capture. This email is always sent from firstname.lastname@example.org. We will never request payment information to be sent directly by email. If you are ever concerned about the validity of an email received from Framework, please contact Framework Support and we will confirm or deny the authenticity of any correspondence.
We take customer information privacy seriously, and the incident and its investigation were treated with the highest priority and urgency available at Framework.
We apologize for any concern this may have caused.