Is this really hacking or the exposure of poor business processes and a little social engineering? I make the distinction because hacking can usually be addressed by technical solutions/better technical solutions while poor process and social engineering can rarely be fixed with technology.
Having experienced the consequences of a number of similar situations (supplier sends details, someone outside of the expected supplier/intermediate/customer chain manages to become involved in an e-mail chain whether through hacking, type squatting or fraud on the part of someone in the legitimate supply chain and a payment almost gets sent to an unknown party. The scam relies on urgency and confusion and usually phone/e-mail conversations between finance people and fraudsters outside the main e-mail chain. While no incidents resulted in financial loss, a number came a lot closer than many people were prepared to admit.
Senior people not responding to queries or being unhelpful ("just get this done"), finance people being a little too helpful when details are unclear to help fill in information the fraudsters can't supply, and decisions being rushed when there is no real urgency (this needs paid in 48 hours but we can pay it in 4 hours with these details and we don't have to disturb senior manager X), and generally not having any methods in-place to verify suppliers (i.e. registered company information and third party supplier verification, processes to identify flags such as multiple bank accounts being supplied which then require further verification, clear organisation structures to allow new suppliers to be verified internally if key people aren't available).