Hacker Stole £700,000 From UK Energy Company by Redirecting Payment

Related

Order-Tracking App Shop Abused to Push Callback Phishing Attacks

What happened Threat actors are abusing Shop, Shopify’s order-tracking app,...

Polymarket Customers Lose $3 Million in Supply Chain Attack

What happened Polymarket said it will fully reimburse customers who...

Suspected Cyberattack Triggers False Emergency Alerts Across Brazil

What happened Brazil suspended its mobile phone emergency alert system...

Iranian Cyber Group Handala Claims Cal Water Hack

What happened Iran-linked threat actor Handala claimed it hacked California...

Share

What happened

A hacker stole £700,000 from a UK energy company after diverting a payment intended for a contractor into an attacker-controlled account. The victim, Zephyr Energy, said the theft affected one of its U.S.-based subsidiaries and disclosed the incident in a regulatory filing. The company said it is now working with banks and consultants to try to recover the diverted funds. It did not explain how the attack happened, but said the incident has been contained and that operations are continuing normally. Zephyr Energy also said it used industry-standard practices for its technology and payment platforms and has since added extra layers of security following the incident. 

Who is affected

The direct impact falls on Zephyr Energy and the subsidiary whose contractor payment was redirected. The incident centers on company funds rather than customer-facing disruption, and Zephyr Energy said operations are running normally. 

Why CISOs should care

This incident matters because it shows how a single redirected payment can create a significant financial loss even when broader business operations stay online. It also highlights the continuing risk around payment workflows, vendor transactions, and the controls used to verify banking details before funds are released. 

3 practical actions

  1. Tighten payment change controls: Require stronger validation before bank account or routing details are updated for contractor or vendor payments.
  2. Review financial workflow exposure: Assess whether email, accounting, or payment processes create openings for attackers to alter payment instructions before funds are sent.
  3. Use this as a treasury-risk scenario: Treat payment diversion as a core cyber-fraud risk, not just an accounting issue, because the financial loss can be immediate and material. 

For more news about intrusions and fraud affecting business operations, click Cyberattack to read more.

IMG 0514 2
+ posts

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.