Hacker stole £700,000 from UK energy company by redirecting payment

Zephyr Energy reported a £700,000 theft by hackers who redirected payments from a U.S. subsidiary to their own account. The company is collaborating with banks to recover the funds and says its operations remain normal. This incident highlights the risks of business email compromise attacks, which caused over $3 billion in losses in 2025 according to the FBI.

Key Points

• Zephyr Energy was targeted by hackers who redirected payment meant for a contractor.
• The stolen amount is £700,000 (around $1 million).
• The company is working with banks and consultants to recover the funds.
• No details were provided on how the hackers gained access, but similar attacks involve infiltrating email or accounting systems.
• FBI reports indicate business email compromise attacks have resulted in significant financial losses, exceeding $3 billion in 2025.
• Zephyr Energy confirmed that operations remain unaffected and has enhanced security measures post-incident.

Relevance

• Business email compromise (BEC) remaining a major cybersecurity threat affecting financial sectors.
• The incident reflects the increasing sophistication of cyber attacks against businesses as seen in reports and surveys.
• Falling in line with 2025 IT trends focusing on enhanced security protocols and investment in cybersecurity insurance.
• The incident parallels other recent corporate breaches which underscore the need for robust cybersecurity measures.

The breach at Zephyr Energy underscores the vulnerabilities in payment systems and the necessity for organizations to bolster their cybersecurity to counter rising threats, particularly as BEC attacks continue to escalate.