Nippon Steel Solutions suffered a data breach following a zero-day attack
Nippon Steel Solutions suffered a data breach following a zero-day attack
July 09, 2025
Nippon Steel Solutions reported a data breach caused by hackers exploiting a zero-day vulnerability in their network equipment.
Nippon Steel Solutions, a subsidiary of Japan’s Nippon Steel, disclosed a data breach, attackers exploited a zero-day vulnerability. The company provides cloud and cybersecurity services.
On March 7, 2025, Nippon Steel Solutions detected suspicious server activity and isolated the impacted system. An investigation revealed a zero-day attack on network equipment led to unauthorized access and potential leaks of personal data belonging to customers, partners, and employees. The company pointed out that cloud services remain unaffected.
“We have recently discovered that our company’s internal network was subject to unauthorized access (zero-day attack) due to a software vulnerability, and that some of the personal information of our customers, partners, and employees held by our company may have been leaked to the outside. We deeply apologize for the great inconvenience and concern this incident has caused to our business partners and other related parties.” reads the data breach notice pubblished by the company. “After detecting the unauthorized access, we promptly took measures such as restricting access from outside, and cooperated with external specialist agencies to investigate the intrusion route, the scope of the impact, and the cause analysis, while also working with business partners to take the necessary measures. “
The company is notifying affected parties and has publicly disclosed the breach.
Compromised information includes:
- Customer: Name, company name, affiliation, job title, company address, business email address and phone number
- Partners: Name, business email address (our company domain address provided by our company)
- Employee: Name, department, position, business email address
The company states that there is no evidence that information has leaked on social media or the dark web. However, the company recommends that users not respond to suspicious phone calls or emails that they do not recognize.
“We have already consulted and notified the police about this matter, and have submitted the necessary report to the Personal Information Protection Commission.” concludes the notice. “In addition, with the advice of external experts, we have taken appropriate measures, such as isolating and reconstructing the devices that were illegally accessed, as well as measures to address remaining risks, such as strengthening exit measures and behavior detection, and have restored the safety of our company’s internal network.”
The breach comes amid Nippon Steel’s acquisition of US Steel.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, Nippon Steel Solutions)
