Zephyr Energy Loses £700K in Cyber Attack Targeting Contractor Payment

Severity: Low (Score: 36.9)

Sources: Ajbell, Theregister

Summary

Zephyr Energy plc reported a cyber incident that resulted in the diversion of approximately £700,000 from a contractor payment to an attacker-controlled account. The attack, described as 'highly sophisticated,' occurred at one of the company's US subsidiaries during a routine payment process. Although the specific method of the attack has not been disclosed, it involved rerouting a legitimate payment to a fraudulent account. Upon discovering the incident, Zephyr Energy promptly notified law enforcement and engaged banks and external consultants to recover the funds. The company has stated that its IT systems have been thoroughly assessed and that operations continue as normal. Additional security measures have been implemented to prevent future incidents. Despite the financial loss, Zephyr Energy maintains sufficient working capital to continue its operations without disruption. Key Points: • Zephyr Energy lost £700,000 due to a cyber attack that redirected a contractor payment. • The attack was classified as 'highly sophisticated' but details on the method remain undisclosed. • The company has implemented additional security measures and continues normal operations.

Key Entities

• Zephyr Energy PLC (company)
• Energy (industry)