Major Update: Nucor Confirms Data Theft in Recent Cyberattack
The Nucor Corporation cyberattack update has taken a turn as North America’s largest steel producer has confirmed that attackers successfully stole data during their recent cybersecurity incident 1. This represents a significant escalation from the initial disclosure in May 2025, when the company first reported unauthorized access to its information technology systems but had not yet confirmed data exfiltration 2. The steel giant, which employs over 32,000 people across numerous facilities in the United States, Mexico, and Canada, and reported revenue of $30.73 billion last year, has now provided a comprehensive update through its latest SEC filing that reveals the full scope of the breach 1.
In the updated SEC filing, Nucor stated that “the Company’s investigation also determined that the threat actor exfiltrated limited data from the Company’s information technology systems” 1. This confirmation comes after an extensive investigation conducted with the assistance of external cybersecurity experts and federal law enforcement authorities 3. The company has indicated that it is currently “reviewing and evaluating the impacted data and will carry out any appropriate notifications to potentially affected parties and to regulatory agencies as required by applicable law” 1. While Nucor has characterized the stolen data as “limited,” the company has not yet disclosed the specific types of information that were compromised or the number of individuals potentially affected by the breach 4.
The Nucor data breach confirmation represents one of the most significant cyberattacks on the U.S. manufacturing sector in 2025, highlighting the increasing vulnerability of critical infrastructure to sophisticated cyber threats 4. The incident forced the temporary shutdown of production operations at multiple facilities as a precautionary measure, demonstrating the far-reaching impact that cybersecurity incidents can have on industrial operations 5. According to the company’s latest statements, affected systems have been restored and production operations have resumed, with Nucor believing that the threat actors have been evicted from their network 1.
Timeline and Impact of the Nucor Cybersecurity Incident
The Nucor cyberattack timeline began in early May 2025 when the company first detected unauthorized third-party access to certain information technology systems 2. On May 14, 2025, Nucor filed its initial SEC Form 8-K disclosure, revealing that it had “recently identified a cybersecurity incident involving unauthorized third party access to certain information technology systems used by the Company” 3. The company immediately activated its incident response plan, taking potentially affected systems offline and implementing containment, remediation, and recovery measures 2.
The impact of the Nucor security breach extended beyond just data theft, as the company was forced to temporarily halt production operations at various locations as a precautionary measure 5. This operational disruption affected Nucor’s vast network of approximately 300 sites across North America, potentially impacting supply chains throughout the construction, automotive, and infrastructure development industries 6. The company’s proactive response, while costly in terms of lost production time, demonstrated the critical importance of having robust incident response procedures in place for manufacturing organizations 5.
Following the initial disclosure, Nucor worked diligently with external cybersecurity experts and federal law enforcement to investigate the full scope of the incident 7. The investigation process took several weeks to complete, with the company providing the updated confirmation of data theft in its subsequent SEC filing in June 2025 4. This timeline reflects the complex nature of cybersecurity incident investigations, particularly in large manufacturing environments where both information technology and operational technology systems may be affected 8.
Analysis of Nucor’s Cybersecurity Framework and Response
According to Nucor’s most recent annual report, the company has implemented a comprehensive cybersecurity risk management program based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework and other applicable industry standards 9. The program includes key elements such as identification and assessment of cybersecurity threats, technical and organizational safeguards, processes to detect cybersecurity events, and incident response and recovery plans 9. Nucor’s cybersecurity function is led by a Cybersecurity Director with more than twenty years of experience in the field, who reports to the President of Nucor Business Technology 10.
The company’s cybersecurity governance structure includes a Risk Committee composed of senior management members, including the Executive Vice President of Business Services & General Counsel, President of Nucor Business Technology, and the Cybersecurity Director 10. This committee is responsible for overseeing the company’s response to cybersecurity incidents and has established processes for escalating notification to senior executives and the Board of Directors depending on the nature of the incident 11. The Audit Committee of the Board of Directors maintains oversight responsibility for cybersecurity risks, receiving regular reporting from cybersecurity leadership 10.
Despite these comprehensive measures, the successful breach of Nucor’s systems highlights the evolving sophistication of cyber threats targeting manufacturing organizations 12. The company’s SEC filings acknowledge that “despite efforts to assure secure and uninterrupted operations, threats from increasingly sophisticated cyberattacks or system failures could result in materially adverse operational disruptions or security breaches” 12. This incident serves as a stark reminder that even well-prepared organizations with robust cybersecurity frameworks can fall victim to determined attackers 13.
Manufacturing Sector Under Siege: The Broader Cybersecurity Threat Landscape
The manufacturing cybersecurity threats have intensified significantly in 2025, with the sector experiencing a growing wave of sophisticated attacks targeting factories, supply chains, and industrial systems 14. According to industry research, manufacturing appeared in 4% of dark web cybercrime posts in 2025, with the United States accounting for nearly 18% of all manufacturing-related cybersecurity discussions on criminal forums 14. The cost of cyberattacks in manufacturing is increasing faster than in any other industry, with global losses rising by 125% each year, potentially reaching $10 trillion by the end of 2025 1415.
Recent data from Comparitech’s analysis of 478 confirmed ransomware attacks on manufacturing companies from 2018 to July 2023 reveals the staggering financial impact of these incidents 16. Manufacturers worldwide have lost an estimated $46.2 billion to downtime from ransomware attacks over the five-and-a-half-year period, with average downtime caused by ransomware nearly doubling from 6.4 days in 2021 to 12.2 days in 2022 16. The longest downtime period recorded increased dramatically from 32 days in 2021 to 76 days in 2022, demonstrating the escalating severity of attacks 16.
Industrial control systems vulnerabilities represent a particularly concerning aspect of manufacturing cybersecurity 17. Many manufacturing facilities rely on legacy systems that lack modern security features, making them attractive targets for attackers seeking to disrupt operations or extract valuable information 17. Common vulnerabilities in industrial control systems include legacy systems, interconnectivity issues, lack of security updates, insufficient authentication mechanisms, and insecure network connections 17. The potential consequences of successful attacks on these systems include interruption of essential services, production line shutdowns, industrial espionage, and significant financial losses 17.
The steel industry cybersecurity challenges are particularly acute due to the sector’s critical role in global infrastructure and its increasing digital transformation 13. Steel manufacturers face unique risks including industrial espionage targeting proprietary manufacturing processes, ransomware attacks that can halt production operations, phishing and social engineering attacks exploiting employee vulnerabilities, and supply chain attacks that can compromise entire networks 13. The interconnected nature of steel production processes means that a cybersecurity incident at one facility can have cascading effects throughout the supply chain 18.
Why This Matters for Manufacturing and Steel Companies
The Nucor incident is not an isolated case. According to IBM’s X-Force 2025 threat intelligence report, manufacturing has been the most targeted industry for cyberattacks for four years running 1920. Manufacturing was the most targeted industry in 2021, with cyberattacks on manufacturers exceeding those aimed at financial services and insurance, representing 23.2% of the attacks X-Force remediated 19. Manufacturing was also the most targeted industry in the first half of 2024, seeing a 41% increase in attacks 16.
Hackers often exploit outdated technology and weak security practices common in factories 20. When a cyberattack hits, the cost can be huge: lost production, delayed shipments, damaged reputation, and even potential safety risks 6. Steel and manufacturing companies are especially vulnerable because:
Legacy Systems: Many facilities rely on older equipment not designed for today’s cyber threats 20. Interconnected Operations: Production lines depend on both IT (office systems) and OT (factory-floor machines), creating more entry points for hackers 17. Supply Chain Pressures: A single day of downtime can disrupt contracts with builders, automakers, and infrastructure projects 6. National Security Risks: Steel is critical for defense, transportation, and energy sectors, making it a high-value target for foreign hackers 6.
The financial stakes are enormous 6. For example, the 2021 Colonial Pipeline attack cost the company $4.4 million in ransom payments and led to gas price spikes nationwide 6. While Nucor has not disclosed costs, its stock price dipped 2% in early trading following the announcement 6. The growing number of attacks on manufacturers is related to the adoption of SCADA MODBUS and IoT devices, with cybercriminals scanning SCADA MODBUS OT devices for vulnerabilities 22 times more often than the year before 20.
What Can Companies Do – Simple Cybersecurity Best Practices
While cybersecurity can seem overwhelming, there are straightforward steps every steel and manufacturing company can take to reduce their risk 6. Here’s how to start:
1. Keep Software and Systems Updated
Many factories use decades-old machines that cannot be patched 6. For these systems, isolate them from the internet and monitor them closely 6. For newer equipment, install updates during scheduled maintenance windows 21. Even basic steps like changing default passwords on factory robots or sensors can prevent easy access for hackers 6. Nucor’s incident shows that unauthorized third parties can exploit weak login controls 2.
2. Control Access to Critical Systems
Limit who can log into production computers 6. For example, only maintenance supervisors—not all floor workers—should have access to systems controlling furnace temperatures 21. Use strong, unique passwords and add two-step verification for remote access 21. Implement multi-factor authentication for all remote access and privileged accounts 21. Segment your network to isolate critical systems holding personal identifying information, corporate data, and operational data 21.
3. Train Employees to Spot Red Flags
Most cyberattacks start with a phishing email or fraudulent phone call 19. Teach staff to avoid clicking links in unexpected messages (e.g., “Urgent Invoice Payment Required”), verify requests for sensitive data by contacting the sender directly, and report suspicious activity immediately 6. Regular training sessions, even 15-minute monthly refreshers, can significantly reduce risks 6. Conduct monthly company-wide phishing prevention and awareness exercises 10.
4. Back Up Data and Test Recovery Plans
Store backups of production schedules, inventory lists, and machine blueprints offline 6. If hackers lock your systems, backups allow you to restart operations without paying a ransom 6. Practice restoring data annually to ensure the process works 6. Implement disaster recovery and business continuity plans that address cybersecurity incidents 22.
5. Prepare an Incident Response Plan
Nucor’s quick shutdown of affected systems likely limited the damage 6. Every company should have a written plan that includes who to contact (e.g., IT team, law enforcement, customers), steps to isolate compromised machines, and a communications strategy for employees and stakeholders 6. Conduct drills twice a year to ensure everyone knows their role 6. Based on Cybersecurity Infrastructure Security Agency (CISA) modeling, conduct annual tabletop exercises with the help of third party specialists 9.
6. Work with Cybersecurity Experts
Most small-to-midsize manufacturers lack in-house IT teams 6. Partner with cybersecurity firms to scan networks for vulnerabilities, set up firewalls and intrusion detection systems, and monitor for suspicious activity 24/7 6. The cost of prevention is far lower than the cost of downtime 6. Engage independent cybersecurity firms to conduct penetration testing, vulnerability assessments, and security audits of IT and OT infrastructure 21.
7. Audit Third-Party Vendors
Hackers often target weaker vendors to reach larger companies 6. Require contractors and suppliers to meet basic security standards, such as using encrypted file sharing and multi-factor authentication 6. Conduct thorough cybersecurity risk assessments of all third-party vendors before onboarding, evaluating their security controls, data handling practices, and incident response capabilities 21.
Additional Resources: Government Cybersecurity Websites for Manufacturers
For steel and manufacturing businesses looking to strengthen their cybersecurity, several trusted government agencies offer free, practical resources tailored to the sector. These sites provide guides, checklists, assessment tools, and up-to-date information on threats and best practices. Here are some of the most valuable resources to help your company get started or improve your cybersecurity program:
- NIST Cybersecurity Resources for Manufacturers:
The National Institute of Standards and Technology (NIST) offers a comprehensive hub with practical guidance, self-assessment tools, and training specifically for manufacturers. The Manufacturing Extension Partnership (MEP) network can also help you evaluate your current risk and implement cost-effective solutions18. - CISA Critical Manufacturing Sector Resources:
The Cybersecurity and Infrastructure Security Agency (CISA) provides a wide range of resources for critical manufacturing, including sector-specific cybersecurity frameworks, threat alerts, and implementation guides. Their site is a go-to for understanding risks and building resilience in manufacturing operations23. - Department of Defense (DoD) Cybersecurity Resources:
The DoD Office of Small Business Programs maintains a platform with tools, training, and compliance guides aimed at helping businesses-especially those in the supply chain-meet cybersecurity requirements and stay protected4. - Industry Standards and Compliance Information:
NIST also provides guidance on regulatory requirements for manufacturers, including DFARS for defense contractors and foundational cybersecurity activities for IoT device makers8. Staying compliant helps protect your business and opens doors to more contracts.
If you’re unsure where to start, reach out to your local NIST MEP Center or consult the CISA resources for tailored advice and support. Regularly visiting these sites can help you stay ahead of new threats and ensure your company’s cybersecurity practices are up to date.
Quick Links:
- NIST Cybersecurity Resources for Manufacturers
- CISA Critical Manufacturing Sector Resources
- DoD Office of Small Business Programs – Cybersecurity
- NIST Manufacturing Sector Cybersecurity Guidance
Conclusion
The Nucor cyberattack update serves as a sobering reminder that no organization, regardless of size or cybersecurity investment, is immune to sophisticated cyber threats. The confirmation of data theft in Nucor’s latest SEC filing transforms what initially appeared to be a contained security incident into a significant data breach affecting one of North America’s most critical steel producers. This escalation underscores the persistent and evolving nature of manufacturing cybersecurity threats that continue to target industrial organizations with increasing frequency and sophistication.
The broader implications of the Nucor data breach extend far beyond a single company’s operational disruption. As manufacturing remains the most targeted industry for cyberattacks for the fourth consecutive year, the Nucor incident highlights the urgent need for comprehensive cybersecurity measures across the entire manufacturing sector. The temporary shutdown of production operations at multiple Nucor facilities demonstrates how quickly a cybersecurity incident can cascade through supply chains, potentially affecting construction projects, automotive manufacturing, and critical infrastructure development nationwide.
For steel industry cybersecurity professionals and manufacturing leaders, the Nucor incident provides several critical lessons. First, even organizations with robust cybersecurity frameworks based on NIST standards and experienced cybersecurity leadership can fall victim to determined attackers. Second, the timeline from initial detection to confirmed data theft revelation emphasizes the complex nature of cybersecurity incident investigations and the importance of thorough forensic analysis. Third, transparent communication with stakeholders through SEC filings and public disclosures, while potentially damaging to stock prices, builds trust and demonstrates corporate responsibility.
The manufacturing sector cyber threats will undoubtedly continue to evolve, with attackers developing increasingly sophisticated techniques to exploit vulnerabilities in both information technology and operational technology systems. The interconnected nature of modern manufacturing operations, combined with legacy systems that lack modern security features, creates an attack surface that requires constant vigilance and proactive defense measures. The rising costs of cyberattacks in manufacturing, potentially reaching $10 trillion globally by the end of 2025, make cybersecurity investment not just a protective measure but a business imperative.
Moving forward, the Nucor cybersecurity incident should serve as a catalyst for action across the manufacturing industry. Companies must prioritize implementing the basic cybersecurity best practices outlined in this article, from keeping software updated and controlling access to critical systems to training employees and preparing comprehensive incident response plans. The availability of government resources from NIST, CISA, and the Department of Defense provides manufacturers with practical, cost-effective tools to strengthen their cybersecurity posture without requiring massive capital investments.
Ultimately, the Nucor Corporation cyberattack update reinforces that cybersecurity is not a one-time investment but an ongoing commitment requiring continuous attention, regular updates, and adaptive strategies. As manufacturing operations become increasingly digitized and interconnected, the stakes will only continue to rise. The companies that proactively address these challenges today will be better positioned to maintain operational continuity, protect sensitive data, and preserve customer trust in an increasingly dangerous cyber landscape. The lessons learned from Nucor’s experience must not be forgotten but rather transformed into actionable improvements that strengthen the entire manufacturing sector’s resilience against future cyber threats.
Check out some of our other articles:
- Nucor Cyberattack 2025 Update: Data Breach Confirmed in Latest SEC Filing
- Nippon Steel Acquires U.S. Steel
- Cleveland Cliffs Raises Prices as 50% Tariffs Reshape Steel Market Dynamics
- Nucor Announces Price Increase
- Steel Industry News Community Poll: Reactions To The 50% Steel Tariffs
📬 Enjoying this article? Don’t miss the next one.
Subscribe to the Steel Industry News email newsletter to get the latest updates delivered straight to your inbox — from mill pricing to market shifts.
🆓 Stay informed with a free subscription, or
🔐 Unlock even more with a paid plan (4 months free with annual billing) and get:
✅ Full access to all in-depth newsletters and podcasts
📊 U.S. mill pricing, input costs, and production data
🌍 The latest Steel Industry News direct to you
📚 Exclusive subscriber-only E-Books, reports, guides & archives
🙌 Unlock Full Access to the Steel Market Insights & Strategy Guide
👉 Subscribe Below to unlock your complete resource library and enjoy 30% discount with an annual subscription!
