Nucor Corporation—the largest steelmaker in North America—revealed on May 14 that it was hit by a cyberattack that disrupted its IT systems and forced production halts at several sites in the U.S., Mexico, and Canada.
The company took immediate action, shutting down affected systems and activating its incident response plan. While production was paused as a precaution, Nucor is now working to bring its operations back online.
What Happened?
Nucor discovered unauthorized access to its network earlier this week and moved quickly to contain the breach. The company says it’s working with third-party cybersecurity firms and has contacted federal law enforcement to assist with the investigation.
So far, Nucor hasn’t said what kind of attack occurred—whether it involved data theft, ransomware, or another method—and hasn’t confirmed if any sensitive information was compromised.
Still, the incident fits a troubling pattern. It echoes the kind of disruption seen in past high-profile attacks, such as the 2021 ransomware strike on Colonial Pipeline that crippled fuel supplies along the U.S. East Coast.
Which Sites Were Hit?
Nucor hasn’t disclosed which facilities were affected or how many locations paused operations. It confirmed that multiple sites were impacted and that systems were taken offline as a safety measure.
As of the latest update, the company is working to restore full production. There’s no word yet on whether customers will experience delays or if the attack caused broader supply chain issues.
Why It Matters: Manufacturing Is Under Siege
Nucor’s breach is part of a broader trend. The manufacturing sector has been the top target for cyberattacks for four years running, according to IBM’s 2025 X-Force threat report.
Why is manufacturing so vulnerable?
- Many plants run on outdated technology that’s difficult to patch
- Downtime is costly, so companies are slower to halt production for upgrades
- There’s often a lack of hands-on cybersecurity training for industrial teams
“These environments weren’t built with cybersecurity in mind,” said Debbie Gordon, CEO of cyber defense firm Cloud Range. “You need real-world simulation training to prepare teams to detect and stop threats quickly.”
Gunter Ollmann, CTO at Cobalt, adds that response times in industrial settings lag behind other sectors because of old infrastructure and the steep cost of stopping production. “That delay creates an opening for attackers,” he said.
What’s Next for Nucor—and the Industry?
Nucor has committed to sharing more information as its investigation unfolds. The company is still assessing the scope of the breach and its full impact.
In the meantime, the incident is another wake-up call for manufacturers. Experts say it’s critical for companies to reassess their cybersecurity posture now—not after an attack.
From bolstering network defenses to training staff and securing legacy systems, the cost of prevention is becoming far cheaper than the price of recovery.
The steel giant’s experience will likely serve as a case study in what happens when cyber threats hit industrial giants—and how quickly they can bounce back.