
British oil and gas company Zephyr Energy disclosed that £700,000, or nearly $1 million, was stolen from one of its U.S.-based subsidiaries after a payment intended for a contractor was redirected into a hacker-controlled account. The incident highlights ongoing risks associated with cyber-enabled financial fraud targeting corporate transactions.
Regulatory Filing Confirms Ongoing Recovery Efforts
In a regulatory filing with the London Stock Exchange on Thursday, Zephyr Energy stated that it is “working with the corresponding banks and consultants to attempt to recover the diverted funds.” The company did not disclose the identity of the affected subsidiary or the contractor involved.
Attack Reflects Common Business Email Compromise Tactics
While Zephyr did not specify how the fraud occurred, such incidents are commonly linked to business email compromise attacks. In these schemes, hackers infiltrate email accounts or financial systems and manipulate bank account or routing details during invoice processing or payment transfers.
According to the Federal Bureau of Investigation, business email compromise remains one of the leading causes of cyber-related financial losses. The agency reported in its annual internet cybercrime report released in April that these attacks resulted in more than $3 billion in victim losses during 2025.
Operations Continue As Security Measures Are Strengthened
Zephyr Energy stated that the incident has been contained and that its operations are continuing without disruption. The company also confirmed that it had implemented “additional layers of security” following the breach.
The firm noted that it had already employed “industry standard practices” for its technology and payment platforms prior to the incident, indicating that the new measures are intended to further mitigate similar risks.
