Steel manufacturer Nucor Corporation disclosed that it recently identified a cybersecurity incident involving unauthorized third-party access to certain IT systems used by the company. As of the date of this filing and in an abundance of caution, Nucor temporarily and proactively halted certain production operations at various locations. However, it is currently in the process of restarting the affected operations.
“Upon detecting the incident, the company began promptly taking steps to contain and respond to the incident, including activating its incident response plan, proactively taking potentially affected systems offline, and implementing other containment, remediation, or recovery measures,” the Charlotte, North Carolina headquartered company revealed in a Form 8-K filing submitted to the U.S. Securities and Exchange Commission (SEC) on Wednesday. “The Company is actively investigating the incident with the assistance of leading external cybersecurity experts and has notified federal law enforcement authorities.”
As the investigation of the incident is ongoing, Nucor will continue to monitor the timing and materiality of the incident.
Commenting on the Nucor cybersecurity incident, Debbie Gordon, CEO and founder, Cloud Range, wrote in an emailed statement that while Nucor took the right steps to limit damage, taking systems offline shouldn’t be the only option.
“The deeper issue is a lack of preemptive cyber defense. Simulation-based training doesn’t just prepare teams to react—it builds the muscle memory to recognize and contain threats before they escalate,” according to Gordon. “That’s the difference between disruption and resilience. In industrial sectors where downtime costs millions, real-time detection and response capabilities aren’t optional—they’re mission-critical.”
Gunter Ollmann, CTO of Cobalt, observed that Nucor’s shutdown highlights a growing concern in manufacturing: critical exposure points are often left untested until a breach forces a response.
Citing Cobalt’s latest State of Pentesting Report, Ollmann wrote that the manufacturing industry takes, on average, 122 days to remediate vulnerabilities, the longest across all sectors. “That delay is often due to legacy systems that require vendor-built patches or the high cost of halting production to implement fixes. But these are precisely the reasons offensive security is so vital. Offensive security testing helps manufacturers proactively uncover and prioritize the most dangerous vulnerabilities before threat actors do. You can’t afford to wait until the damage is done.”
Last week, medical technology company Masimo Corporation revealed that it recently detected unauthorized access within its on-premise network, disrupting aspects of its manufacturing operations. The incident, discovered on April 27, led the company to implement its incident response measures, isolating impacted systems and launching an investigation in collaboration with external cybersecurity specialists.
