We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Framework Suffers Data Breach After Accountant Phished

Framework Suffers Data Breach After Accountant Phished
Husain Parvez Published on 18th January 2024 Cybersecurity Researcher

Framework, a US-based company renowned for its repairable laptops, has suffered a data breach after an employee at its accounting service provider, Keating Consulting, fell victim to a phishing attack. The breach, confirmed by Framework, led to unauthorized access to customer data, including full names, email addresses, and outstanding balances for Framework purchases.

The incident, detailed in a notification sent to affected customers, occurred when a threat actor impersonated Framework's CEO and requested Accounts Receivable information from the accountant at Keating Consulting. The accountant, deceived by the phishing email, provided a spreadsheet containing sensitive customer information.

TechCrunch reported on the breach, noting that Framework, in an email to affected customers, stated, "On January 9th, at 4:27 am PST, the attacker sent an email to the accountant impersonating our CEO asking for Accounts Receivable information pertaining to outstanding balances for Framework purchases." The company further warned that the stolen information could potentially be used by hackers to impersonate Framework and solicit payment information.

Framework Computers, founded by former Apple and Oculus engineer Nirav Patel, has emphasized its commitment to customer privacy and security by implementing mandatory phishing and social engineering attack training for employees with access to customer information. Framework has also initiated an audit of the training and standard operating procedures of its accounting and finance consultants.

Highlighting the severity of the breach, BleepingComputer mentioned that Framework's Head of Finance notified Keating Consulting's leadership of the breach shortly after it was discovered — just 29 minutes after the accountant fell for the phishing email.

Framework has advised customers to be cautious of phishing risks and to verify the authenticity of any communication claiming to be from Framework. The company has stressed that it only sends emails from 'support@frame.work' and never requests payment information via email. Framework has also urged customers to contact its support team regarding any suspicious emails.

The breach, followed by the Raptor Technologies breach we reported last week, has put a spotlight on the vulnerabilities in digital security.

About the Author

Husain Parvez is a Cybersecurity Researcher and News Writer at vpnMentor, focusing on VPN reviews, detailed how-to guides, and hands-on tutorials. Husain is also a part of the vpnMentor Cybersecurity News bulletin and loves covering the latest events in cyberspace and data privacy.

Please, comment on how to improve this article. Your feedback matters!

Leave a comment

Sorry, links are not allowed in this field!

Name should contain at least 3 letters

The field content should not exceed 80 letters

Sorry, links are not allowed in this field!

Please enter a valid email address