
Nucor Confirms Data Theft Following Network Breaches

  • Writer: Cytopus
  • Jun 25

Nucor has confirmed that attackers behind a recent cybersecurity breach have stolen data from its internal systems. As North America's largest steel producer and recycler, with over 32,000 employees and $30.73 billion in reported revenue last year, the company is now facing scrutiny over its cyber resilience and regulatory responsibilities.


Incident Overview

Nucor Corporation, the largest steel producer and recycler in North America, has confirmed that a recent cyberattack resulted in unauthorized data exfiltration from its internal systems. The breach, first disclosed in May, resulted in temporary production halts and system shutdowns at several facilities in the U.S., Mexico, and Canada. Nucor employs over 32,000 people and reported annual revenue of $30.73 billion in 2024, making the attack one of the most high-profile industrial sector breaches this year. The company reported in a new SEC filing that the attackers managed to extract a limited set of data from its IT systems. While the exact nature of the stolen data remains under investigation, Nucor states that it is evaluating the scope of the breach and preparing to notify affected individuals and regulatory bodies as necessary.


Repeat Breach Raises Concerns

Nucor has generally maintained a low profile in terms of cybersecurity, but it came under increased scrutiny in 2021 after a phishing campaign targeted employees at multiple plants. While no large-scale data breach was confirmed, internal reports indicated that access credentials were compromised. This prompted the company to implement a company-wide reset of login systems and to adopt multi-factor authentication (MFA).


Potential Financial Impact

The company has not disclosed specific figures, but cyber incidents of this scale can result in millions of dollars in losses. In heavy industry, operational disruptions typically cost between $250,000 and $500,000 per hour. With multiple Nucor facilities offline during the attack, even a brief delay could lead to significant financial damage. Costs from forensic investigations, legal consultations, data breach notifications, and system recovery could push total losses into the seven- or eight-figure range.


Regulatory and Compliance Implications

Nucor is facing significant regulatory challenges across multiple jurisdictions. In the EU, the General Data Protection Regulation (GDPR) applies if European stakeholders or data subjects are impacted, allowing for fines of up to €20 million or 4% of global annual turnover. The NIS2 Directive, which governs critical infrastructure sectors including manufacturing, mandates stringent cybersecurity controls and incident disclosures, with non-compliance potentially resulting in fines of up to €10 million or 2% of global turnover. The Cyber Resilience Act (CRA) requires EU industrial systems to have secure-by-design architecture and real-time vulnerability monitoring, with penalties like recalls or market restrictions. In Canada, PIPEDA mandates breach notifications and data protection practices, while in the U.S., Nucor must comply with SEC cybersecurity disclosure rules and the CISA Cybersecurity Risk Management Framework.

How Cytopus Can Help Your Business

Cytopus provides specialized tools and services designed to meet the specific challenges of critical infrastructure and manufacturing environments:

  • Continuous Vulnerability Management: Our platform performs real-time scans to detect and remediate vulnerabilities across your enterprise environment, before they can be exploited.

  • Security Compliance and Risk Assessment: We help organizations align their security posture with leading frameworks, including GDPR, CRA, DORA, and NIS2, thereby minimizing regulatory exposure.

  • Threat Intelligence and Threat Detection: Leveraging AI-driven analysis, Cytopus ingests global threat feeds to detect exploitation attempts against zero-days and critical flaws.

  • Continuous Monitoring and Incident Response: Cytopus provides 24/7 security operations, combining automated detection with expert-led incident response to swiftly contain and address breaches.

  • Business Continuity and Disaster Recovery Planning: We help develop and validate disaster recovery and business continuity plans to ensure minimal disruption in the event of security incidents.

