American steel giant Nucor confirms data breach in May attack
American steel giant Nucor confirms data breach in May attack
June 23, 2025
American steel giant Nucor confirms hackers stole data in a May cyberattack, following its earlier disclosure of the incident.
Nucor, North America’s largest steel maker, confirmed hackers stole some data in a May cyberattack, following its earlier disclosure of the incident.
Nucor Corporation (NYSE: NUE) is a major American steel company headquartered in Charlotte, North Carolina. It’s the largest steel producer in the U.S. and North America’s top recycler of scrap metal.
In May, the company informed the Securities and Exchange Commission (SEC) that it had identified a cybersecurity incident involving unauthorized third party access to certain information technology systems.
“Nucor Corporation (the “Company”) recently identified a cybersecurity incident involving unauthorized third party access to certain information technology systems used by the Company.” reads the FORM 8-K initially filed with SEC. “Upon detecting the incident, the Company began promptly taking steps to contain and respond to the incident, including activating its incident response plan, proactively taking potentially affected systems offline and implementing other containment, remediation, or recovery measures. “
The company notified law enforcement and started the incident response procedure with the help of external cybersecurity experts.
On Friday, Nucor provided an update on the security incident, confirming the theft of “limited data” from the impacted systems.
“As disclosed in the Original Form 8-K, the Company recently experienced a cybersecurity incident affecting certain information technology systems used by the Company. The Company’s investigation revealed that a threat actor illegally accessed the Company’s information technology systems. The cybersecurity incident resulted in a temporary limitation of access to portions of the Company’s information technology applications supporting some aspects of the Company’s operations at some of the Company’s facilities, and as noted in the Original Form 8-K, in an abundance of caution, the Company temporarily and proactively halted certain production operations at various locations.” reads the update sent filed by the company with SEC. “The Company’s investigation also determined that the threat actor exfiltrated limited data from the Company’s information technology systems. The Company is reviewing and evaluating the impacted data and will carry out any appropriate notifications to potentially affected parties and to regulatory agencies as required by applicable law.”
Nucor has restored operations and IT systems after the cyberattack and believes the threat actor no longer has access to its infrastructure. The company pointed out that the incident had no material business or financial impact.
The notifications don’t include info about the nature of the attack, however, experts believe it was a victim of a ransomware attack. At this time, no known group has claimed responsibility for the attack.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, cyber attack)
