Nucor Data Breach: Steel Industry Leader Confirms Data Theft After Cyber Incident
Nucor Corporation, the largest steel producer and recycler in North America, has confirmed that data was stolen from its systems during a recent cybersecurity breach. The company disclosed the breach last month and has now filed an update with the U.S. Securities and Exchange Commission (SEC) confirming the exfiltration of sensitive information.
The incident led to temporary system shutdowns and disrupted production at several Nucor facilities across the United States, Mexico, and Canada. Nucor employs over 32,000 people and reported $30.73 billion in revenue last year.
“The cybersecurity incident resulted in a temporary limitation of access to portions of the Company’s information technology applications… [and] the Company temporarily and proactively halted certain production operations at various locations,” Nucor stated in its SEC filing.
Nucor Breach Investigation and Impact on Data
While the company has not disclosed the type of cyberattack or how it was initially detected, it confirmed that limited data was exfiltrated from its IT systems. Nucor is currently evaluating the scope of the breach and will notify affected individuals and regulatory agencies where legally required.
“The Company’s investigation also determined that the threat actor exfiltrated limited data… and will carry out any appropriate notifications,” the filing added.
Nucor took defensive action early by shutting down impacted systems and initiating incident response procedures. The company also engaged external cybersecurity experts and notified law enforcement to assist with the investigation and remediation.
Systems Restored, Threat Actor Evicted
According to Nucor, access to affected systems has now been restored, and production operations have resumed. The company also noted that the threat actor has been removed from the network and no longer maintains access.
No ransomware groups have claimed responsibility for the breach as of now, and it’s unclear if the attack involved encryption, data extortion, or was purely focused on data theft. However, recent trends suggest that even non-ransomware intrusions often involve stealing sensitive corporate data for leverage in double-extortion campaigns.
As the investigation continues, the incident highlights the growing cyber risks facing the industrial and manufacturing sector, particularly those operating critical infrastructure and production systems.
Looking for a trusted recovery solution?
Defend your organization with StoneFly DR365—an air-gapped, immutable backup and recovery appliance trusted by enterprises to ensure zero data loss even in the event of complex cyberattacks.
