British oil and gas company Zephyr Energy said someone stole 700,000 pounds (approximately $1 million) from one of its U.S.-based subsidiaries by redirecting payments made to contractors to accounts controlled by hackers.
In a regulatory filing to the London Stock Exchange on Thursday, the company said it was “working with the corresponding banks and consultants to recover the misappropriated funds.”
The company did not say how the incident happened, but hackers are known to break into email inboxes and accounting systems and use that access to falsify bank accounts and routing numbers in the process of paying someone or settling a bill. Known as Business Email Compromise Attacks, the FBI released its latest annual report on Internet cybercrime in early April, stating that these attacks remain one of the largest causes of economic loss, with total losses expected to exceed $3 billion in 2025.
Zephyr says the incident has been resolved and business is continuing as usual.
As for the attack itself, the company said it used “industry standard practices” for its technology and payments platform, but said it had introduced “additional layers of security” in the wake of the incident.
A Zephyr spokesperson did not respond to an email seeking comment on the incident.
(via The Register)