Nucor confirms data breach exposed sensitive personal information in recent cyber attack

American steel manufacturer Nucor Corporation said that the data security incident it suffered last month compromised the sensitive personal data of individuals associated with the company.

 

In a 8-K filing with the U.S. Securities and Exchange Commission (SEC) on May 13, Nucor said it identified a data security incident where unauthorised threat actors infiltrated the company’s internal network and accessed certain systems.

 

The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

Nucor also reported the incident to relevant law enforcement authorities and collaborated with them to resolve the matter at the earliest.

 

“As of the date of this filing and in an abundance of caution, the Company temporarily and proactively halted certain production operations at various locations. 

 

“However, the Company is currently in the process of restarting the affected operations,” the company said.

 

In a recent filing with the SEC, Nucor said that threat actors who infiltrated its internal network accessed and stole confidential personal information of individuals associated with the company.

 

“The Company’s investigation revealed that a threat actor illegally accessed the Company’s information technology systems.

 

“The Company’s investigation also determined that the threat actor exfiltrated limited data from the Company’s information technology systems. The Company is reviewing and evaluating the impacted data and will carry out any appropriate notifications to potentially affected parties and to regulatory agencies as required by applicable law,” Nucor said in its filing.

 

The company added that all critical systems affected by the incident are now back online.

 

“Since the filing of the Original Form 8-K, the affected production operations, and access to necessary affected information technology applications, have been restored, and the Company believes that the threat actor no longer has access to the Company’s information technology systems,” the company added.

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on Nucor. The steel manufacturer also did not share details on who was behind the attack, how much data was compromised, or whether it has received a ransom demand.