Nucor, the largest steel producer and recycler in North America, has recently confirmed that attackers behind a significant cybersecurity incident have not only compromised its network but also stolen sensitive data. This announcement has raised concerns among stakeholders and customers alike, as the company navigates the aftermath of the breach.
Employing over 32,000 individuals across various mills in the U.S., Mexico, and Canada, Nucor generated a revenue of $30.73 billion last year, according to their latest financial reports (Nucor Reports). In an effort to mitigate the impact of the breach, the company promptly took down certain systems and temporarily halted production at selected facilities.
Following the incident, Nucor informed law enforcement authorities and engaged external cybersecurity experts to assist in the recovery and investigation processes. In a recent filing with the U.S. Securities and Exchange Commission (SEC Filing), the company disclosed that the attack resulted in a temporary limitation of access to some critical IT applications across its operations.
The investigation revealed that the threat actors had exfiltrated a limited amount of data from Nucor’s IT systems. However, as the company continues its review of the impacted data, it remains committed to notifying potentially affected parties and regulatory agencies as required by law. Nucor has reported restoring access to the affected systems, asserting that the threat actors have been evicted and no longer have access to their network.
As it stands, there have been no claims of responsibility from any ransomware operations regarding the Nucor attack, which is noteworthy given the typical modus operandi of cybercriminals who often engage in data theft before deploying ransomware. BleepingComputer reached out to Nucor for further comments, but the company has not responded to inquiries.