On May 14, 2025, Nucor Corporation, the largest steel producer in the United States, disclosed a cybersecurity incident involving unauthorized access to certain IT systems. In response, the Charlotte-based company proactively took affected systems offline and temporarily halted production at various locations as a precautionary measure.
In its 8-K filing with the U.S. Securities and Exchange Commission, Nucor stated: "Upon detecting the incident, the Company began promptly taking steps to contain and respond to the incident, including activating its incident response plan, proactively taking potentially affected systems offline and implementing other containment, remediation, or recovery measures."
The company is actively investigating the breach with the assistance of external cybersecurity experts, and has notified federal law enforcement authorities. While specific details about the nature of the attack and the affected facilities have not been disclosed, Nucor emphasized that the shutdowns were implemented "in an abundance of caution."
Nucor operates approximately 300 locations across North America, including steel mills, fabrication plants, and recycling centers. The company reported $7.83 billion in sales for the first quarter of 2025 and employs around 25,000 individuals. Those results beat analysts' profit estimates, helped by higher steel shipments and improving steel spot prices.
Nucor considers itself the "largest and most diversified steel and steel products producer" in North America. It makes a number of products such as bars, beams, electrical conduit, girders, and fasteners, according to its website.
This incident underscores the growing cybersecurity threats facing critical infrastructure sectors, such as oil and gas. Manufacturers like Nucor are increasingly targeted by cyberattacks that can disrupt operations and supply chains. The company's swift response highlights the importance of robust incident response plans and collaboration with cybersecurity experts to mitigate potential damages.
As investigations continue, stakeholders across the manufacturing and cybersecurity industries will be closely monitoring developments to glean insights and reinforce their own defensive measures.
Don't miss the SecureWorld Critical Infrastructure virtual conference on August 28th. It's free, and attendees earn 6 CPE credits.
