Opening incident

Loading disclosure

Pulling the filing, breach taxonomy, and impact scoring…

Duke

Blog Incident database Request access

Loading database

Indexing incidents

Fetching SEC-disclosed cyber incidents and Duke's breach taxonomy…

Duke

Blog Incident database Request access

Opening incident

Loading disclosure

Pulling the filing, breach taxonomy, and impact scoring…

Orion S.A. Cyber Criminals (2024) | SEC Cybersecurity Incident | Duke Security

Duke

Blog Incident database Request access

← Back to incidents

Incident · Cyber Criminals

Orion S.A. · OEC

MaterialsLuxembourgIncident August 10, 2024Filed August 12, 2024

Impact score

Business continuity

—

Insurance involved

Yes

Filing

8-K · 8.01

Breach taxonomy

Cyber CriminalsPhishingCash EquivalentFinancial Fraud

Summary

On August 10, 2024, Orion S.A. disclosed that a company employee was the target of a criminal scheme resulting in multiple fraudulently induced outbound wire transfers to accounts controlled by unknown third parties. The company expects to record a one-time pre-tax charge of approximately $60 million for the unrecovered fraudulent transfers. No unauthorized access to company data or systems was identified. Law enforcement is cooperating and the company intends to pursue recovery through all available legal means including potentially available insurance coverage.

Tagging rationale

ThreatCyber Criminals

Filing explicitly describes a criminal scheme targeting the company via fraudulent wire transfer inducement → CYBER-CRIMINALS.

MethodsPhishing

An employee was fraudulently induced to authorize multiple wire transfers, a hallmark of business email compromise / phishing-based financial fraud → PHISHING.

Assets

Cash Equivalent

The criminal scheme resulted in approximately $60 million in fraudulent wire transfers to accounts controlled by third parties → CASH-EQUIVALENT.

EffectsFinancial Fraud

Approximately $60 million was misdirected through fraudulent wire transfers → FINANCIAL-FRAUD.

Impact

Approximately $60 million in confirmed financial loss from wire fraud; no data breach or operational disruption; single incident affecting a materials company → score 3.

InsuranceYes

Filing states the company intends to pursue recovery including potentially available insurance coverage → true.

Read the original SEC filing excerpt

Item 8.01 Other Events. On August 10, 2024, Orion S.A. (the Company) determined that a Company employee, who is not a Named Executive Officer, was the target of a criminal scheme that resulted in multiple fraudulently induced outbound wire transfers to accounts controlled by unknown third parties. As a result of this incident, and if no further recoveries of transferred funds occur, the Company expects to record a one-time pre-tax charge of approximately $60 million for the unrecovered fraudulent wire transfers. The Company has cooperated, and will continue to cooperate, with law enforcement as appropriate, and intends to pursue recovery of these funds through all legally available means, including potentially available insurance coverage. To date, the Company has not found any evidence of additional fraudulent activity and currently does not believe the incident resulted in any unauthorized access to data or systems maintained by the Company. However, the Company's investigation into the incident and its impacts on the Company, including its internal controls, remains ongoing. The business and operations were not affected.

View SEC filing Back to database

Get alerts on new incidents

Drop your email and we’ll let you know when fresh SEC disclosures land in the database. No spam.

More in Materials

Unknown · May 13, 2025

Nucor Corporation

Around May 13, 2025, Nucor Corporation identified unauthorized third-party access to certain IT systems and promptly activated its incident …

Unknown · February 14, 2025

NioCorp Developments Ltd.

On February 14, 2025, NioCorp Developments became aware of unauthorized third-party access to its information systems, including portions of…

Unknown · October 18, 2024

Karat Packaging Inc.

On October 18, 2024, Karat Packaging discovered unauthorized third-party access to its information systems. The company activated its cybers…

Priv Insider · July 25, 2024

Meta Materials Inc.

On July 25, 2024, a former executive officer of Meta Materials Inc. deliberately deactivated the company's website, corporate email, and oth…