Zero-Day Attack on Nippon Steel Exposes Global Partner and Employee Data
Nippon Steel, the world’s fourth-largest crude steel producer, has disclosed that a zero-day attack compromised its internal network in March, resulting in potential data exposure impacting over 100,000 employees, business partners, and customers globally.
The Tokyo-based manufacturer confirmed the incident in a formal disclosure posted on its website, stating it “deeply apologizes” for the breach and any distress caused. The company said the attack was linked to a software vulnerability in network equipment, and although the damage was contained with the help of cybersecurity experts, sensitive information may have been accessed.
“We have recently discovered that our company’s internal network was subject to unauthorized access (zero-day attack) due to a software vulnerability,” the company wrote.
Data Potentially Leaked, Scope Still Being Assessed
While the specific volume of compromised data has not been confirmed, Nippon Steel outlined the categories of data that may have been accessed:
- Customers: Name, company affiliation, job title, address, business email, and phone number
- Business Partners: Name and business email issued by Nippon Steel
- Employees: Name, department, position, and business email address
The company stressed that its customer-facing cloud services were not affected. It also noted that there is no evidence yet that the stolen data has been leaked on the dark web or social media platforms. However, it warned those affected to remain cautious of potential phishing or impersonation scams.
Nippon Steel operates across numerous industries including automotive, construction, medical, and IT, and maintains hundreds of partnerships through 316 consolidated subsidiaries and 96 equity affiliates. It has a global workforce of more than 113,000 and maintains offices in over a dozen countries.
Earlier Ransomware Incident May Be Connected
This breach follows an earlier ransomware attack in February, when the BianLian ransomware gang claimed to have stolen 500GB of data from Nippon Steel’s U.S. division. The stolen information reportedly included files tied to accounting, production, and personal contact details of senior executives, including CEO Eiji Hashimoto and President Hiroshi Moto.
Though the company did not confirm paying a ransom, BianLian removed Nippon Steel from its leak site shortly after the attack, suggesting that a private settlement may have occurred.
The possibility of “double extortion”—where attackers exfiltrate data and later demand a second ransom—has not been ruled out.
Security Measures and Notifications Underway
In its July 8 announcement, Nippon Steel said it had:
- Rebuilt compromised systems
- Strengthened behavior detection and network exit controls
- Isolated the affected server after identifying the suspicious activity
All impacted business partners have been contacted, and the company is in the process of notifying affected employees and customers. Some notifications are still pending.
“We are taking extra security measures to prevent a recurrence,” the company said, emphasizing improved detection and prevention mechanisms.
Breach Follows Completion of US Steel Acquisition
Ironically, the latest announcement comes shortly after Nippon Steel finalized its controversial acquisition of US Steel on June 18—a deal that had been paused in January just before the ransomware attack.
While the company continues to investigate the full scope of the data breach, cybersecurity experts view the incident as another example of rising threats against industrial and infrastructure sectors, particularly where zero-day vulnerabilities and supply chain exposure are involved.
