Breach taxonomy
Summary
Around May 13, 2025, Nucor Corporation identified unauthorized third-party access to certain IT systems and promptly activated its incident response plan, taking affected systems offline and engaging external cybersecurity experts. As a precautionary measure, production operations were temporarily halted at various locations. A follow-up 8-K/A filed June 20, 2025 confirmed that the threat actor exfiltrated limited data and that all affected production operations and IT systems had since been fully restored. The incident was determined not material to Nucor's financial condition or results of operations.
Tagging rationale
ThreatUnknown
Filing refers to 'unauthorized third party' without identifying actor type -> UNKNOWN.
MethodsMalwareData Exfil
Original filing describes unauthorized third-party access requiring system shutdowns and containment; the 8-K/A amendment confirms the threat actor also exfiltrated limited data -> MALWARE + DATA-EXFIL.
AssetsRevenue Process
Filing states production operations at various locations were temporarily halted — revenue-generating manufacturing processes directly impacted -> REVENUE-PROCESS.
EffectsBiz InterruptionInfo Privacy Loss
Production operations were temporarily halted at multiple locations (BIZ-INTERRUPTION); the 8-K/A confirms limited data was exfiltrated (INFO-PRIVACY-LOSS).
Business continuityEffective
8-K/A states affected production operations and IT application access have been fully restored and the threat actor no longer has access -> Effective.
Impact
Large-cap steel manufacturer with production halted at multiple locations; restart underway but scope and materiality still being assessed as of filing -> score 3.
InsuranceNot disclosed
Filing makes no mention of insurance -> null.
Read the original SEC filing excerpt
Item 1.05. Material Cybersecurity Incidents. As disclosed in the Original Form 8-K, the Company recently experienced a cybersecurity incident affecting certain information technology systems used by the Company. The Company's investigation revealed that a threat actor illegally accessed the Company's information technology systems. The cybersecurity incident resulted in a temporary limitation of access to portions of the Company's information technology applications supporting some aspects of the Company's operations at some of the Company's facilities, and as noted in the Original Form 8-K, in an abundance of caution, the Company temporarily and proactively halted certain production operations at various locations. The Company's investigation also determined that the threat actor exfiltrated limited data from the Company's information technology systems. The Company is reviewing and evaluating the impacted data and will carry out any appropriate notifications to potentially affected parties and to regulatory agencies as required by applicable law. Since the filing of the Original Form 8-K, the affected production operations, and access to necessary affected information technology applications, have been restored, and the Company believes that the threat actor no longer has access to the Company's information technology systems. The cybersecurity incident has not had a material impact, and is not reasonably likely to have a material impact, on the Company's business operations, and has not had a material impact, and is not reasonably likely to have a material impact, on the Company's financial condition or results of operations.