2025-05-14 NUCOR CORP Cybersecurity Incident

Page last updated on June 23, 2025

NUCOR CORP initially disclosed a cybersecurity incident in an SEC 8-K filing on 2025-05-14 06:05:37 EDT.

Company Summary

Nucor Corporation steel production company that provides a diverse range of steel and steel products.

Incident Details

Material: Unknown
Is Breach: TRUE
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)

Compromised Date:
Detected Date: 2025-05-14
Disclosure Date: 2025-05-14
Contained Date:
Recovered Date: 2025-06-20

Attack Goal: Unknown

Costs: No Costs Tracked (yet)

Filings

8-K filed on 2025-05-14

NUCOR CORP filed an 8-K at 2025-05-14 06:05:37 EDT
Accession Number: 0001193125-25-119311

Item 1.05 Material Cybersecurity Incidents.

Nucor Corporation (the “Company”) recently identified a cybersecurity incident involving unauthorized third party access to certain information technology systems used by the Company. Upon detecting the incident, the Company began promptly taking steps to contain and respond to the incident, including activating its incident response plan, proactively taking potentially affected systems offline and implementing other containment, remediation, or recovery measures. The Company is actively investigating the incident with the assistance of leading external cybersecurity experts and has notified federal law enforcement authorities. As of the date of this filing and in an abundance of caution, the Company temporarily and proactively halted certain production operations at various locations. However, the Company is currently in the process of restarting the affected operations.

As the investigation of the incident is ongoing, the Company will continue to monitor the timing and materiality of the incident.

8-K/A filed on 2025-06-20

NUCOR CORP filed a 8-K/A at 2025-06-20 06:06:02 EDT
Accession Number: 0001193125-25-143135

Item 1.05 Material Cybersecurity Incidents.

As disclosed in the Original Form 8-K, the Company recently experienced a cybersecurity incident affecting certain information technology systems used by the Company. The Company’s investigation revealed that a threat actor illegally accessed the Company’s information technology systems. The cybersecurity incident resulted in a temporary limitation of access to portions of the Company’s information technology applications supporting some aspects of the Company’s operations at some of the Company’s facilities, and as noted in the Original Form 8-K, in an abundance of caution, the Company temporarily and proactively halted certain production operations at various locations. The Company’s investigation also determined that the threat actor exfiltrated limited data from the Company’s information technology systems. The Company is reviewing and evaluating the impacted data and will carry out any appropriate notifications to potentially affected parties and to regulatory agencies as required by applicable law.

Upon detecting the unauthorized access, the Company immediately took steps to contain, assess, and remediate the cybersecurity incident, including activating its incident response plan, proactively taking potentially affected systems offline, restoring affected data from backup systems, and implementing other containment, remediation, and recovery measures. The Company also engaged leading external cybersecurity experts to assist with its investigation and recovery efforts and notified federal law enforcement authorities.

Since the filing of the Original Form 8-K, the affected production operations, and access to necessary affected information technology applications, have been restored, and the Company believes that the threat actor no longer has access to the Company’s information technology systems. As part of its remediation efforts, the Company worked with its outside cybersecurity experts to further reinforce its information technology systems and to prevent future unauthorized access.

The cybersecurity incident has not had a material impact, and is not reasonably likely to have a material impact, on the Company’s business operations, and has not had a material impact, and is not reasonably likely to have a material impact, on the Company’s financial condition or results of operations.

Company Information