Nucor gives update on cyberattack, no 'material impact'

“We are reviewing and evaluating the impacted data and will carry out any appropriate notifications to potentially affected parties and to regulatory agencies as required by applicable law,” a Nucor spokesperson told SMU on Monday.

“The cybersecurity incident has not had a material impact and is not reasonably likely to have a material impact, on our business operations or financial condition or results of operations,” the spokesperson added.

This was also detailed in a Form 8-K/A with the US Securities and Exchange Commission filed on June 20.

Update

As an update, Nucor said in the filing the “affected production operations, and access to necessary affected information technology applications, have been restored.”

Also, the company believes the “threat actor” no longer has access to its information technology systems. 

Nucor has worked with outside cybersecurity experts “to further reinforce its information technology systems and to prevent future unauthorized access.”

The spokesperson told SMU: “We want to thank our customers, partners, and teammates for their continued support, cooperation, and patience as we resolved this matter.”

Background

In the filing, Nucor said its investigation revealed a “a threat actor illegally accessed the company’s information technology systems.”

The company again noted it “temporarily and proactively halted certain production operations at various locations,” though no further information was given on location. 

Nucor added that the threat actor “exfiltrated limited data from the company’s information technology systems.”

Following the incident, Nucor said it activated its incident response plan.

This included “proactively taking potentially affected systems offline, restoring affected data from backup systems, and implementing other containment, remediation, and recovery measures.”