The listings featured on this site are from companies from which this site receives compensation and some are co-owned by our parent company. This influence: Rank and manner in which listings are presented.
Learn more
The How To Guide was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on The How To Guide are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

The How To Guide was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: Holiday.com, ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on The How To Guide are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Framework Suffers Data Breach After Accountant Phished

Framework Suffers Data Breach After Accountant Phished
Author Image Husain Parvez
Husain Parvez First published on January 18, 2024 Cybersecurity Researcher

Framework, a US-based company renowned for its repairable laptops, has suffered a data breach after an employee at its accounting service provider, Keating Consulting, fell victim to a phishing attack. The breach, confirmed by Framework, led to unauthorized access to customer data, including full names, email addresses, and outstanding balances for Framework purchases.

The incident, detailed in a notification sent to affected customers, occurred when a threat actor impersonated Framework's CEO and requested Accounts Receivable information from the accountant at Keating Consulting. The accountant, deceived by the phishing email, provided a spreadsheet containing sensitive customer information.

TechCrunch reported on the breach, noting that Framework, in an email to affected customers, stated, "On January 9th, at 4:27 am PST, the attacker sent an email to the accountant impersonating our CEO asking for Accounts Receivable information pertaining to outstanding balances for Framework purchases." The company further warned that the stolen information could potentially be used by hackers to impersonate Framework and solicit payment information.

Framework Computers, founded by former Apple and Oculus engineer Nirav Patel, has emphasized its commitment to customer privacy and security by implementing mandatory phishing and social engineering attack training for employees with access to customer information. Framework has also initiated an audit of the training and standard operating procedures of its accounting and finance consultants.

Highlighting the severity of the breach, BleepingComputer mentioned that Framework's Head of Finance notified Keating Consulting's leadership of the breach shortly after it was discovered — just 29 minutes after the accountant fell for the phishing email.

Framework has advised customers to be cautious of phishing risks and to verify the authenticity of any communication claiming to be from Framework. The company has stressed that it only sends emails from '[email protected]' and never requests payment information via email. Framework has also urged customers to contact its support team regarding any suspicious emails.

The breach, followed by the Raptor Technologies breach we reported last week, has put a spotlight on the vulnerabilities in digital security.

About the Author

  • Author Image Husain Parvez
  • Husain Parvez Cybersecurity Researcher

Husain Parvez is a Cybersecurity Researcher and News Writer at The How To Guide, focusing on VPN reviews, detailed how-to guides, and hands-on tutorials. Husain is also a part of the The How To Guide Cybersecurity News bulletin and loves covering the latest events in cyberspace and data privacy.

Please, comment on how to improve this article. Your feedback matters!

Leave a comment

This field must contain more than 50 characters

The field content should not exceed 1000 letters

Sorry, links are not allowed in this field!

Name should contain at least 3 letters

The field content should not exceed 80 letters

Sorry, links are not allowed in this field!

Please enter a valid email address