Steel Giant Nucor Confirms Data Breach But Operations Return to Normal

Rhea-AI Filing Summary

Nucor Corporation filed an amended 8-K (Amendment No. 1) providing additional details about a previously reported cybersecurity incident. Key findings from the investigation revealed:

• A threat actor illegally accessed company IT systems and exfiltrated limited data
• The company temporarily halted certain production operations and proactively took affected systems offline
• All affected production operations and IT applications have been restored
• The threat actor no longer has access to company systems

The company implemented immediate containment measures, including activating incident response plans, restoring data from backups, and engaging external cybersecurity experts. Nucor states the incident has not had and is not reasonably likely to have a material impact on business operations, financial condition, or results of operations. The company is reviewing impacted data and will notify affected parties and regulatory agencies as required by law.

Positive

• Company successfully restored affected production operations and IT systems following the cybersecurity incident
• Management confirms the cybersecurity incident has not had and is not expected to have a material impact on business operations, financial condition, or results

Negative

• Company experienced unauthorized system access with data exfiltration requiring temporary production halts at various facilities
• Potential legal, reputational, and regulatory risks from the cybersecurity incident and possible future costs related to investigation and remediation

8-K Event Classification

Item 1.05 — Material Cybersecurity Incidents

1 item

Item 1.05 Material Cybersecurity Incidents Business

A cybersecurity incident that the company has determined to be material to investors.

Understanding 8-K Material Events →

true0000073309 0000073309 2025-05-13 2025-05-13

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

WASHINGTON, D.C. 20549

FORM 8-K/A

(Amendment No. 1)

CURRENT REPORT

Pursuant to Section 13 or 15(d)

of the Securities Exchange Act of 1934

Date of Report (Date of earliest event reported): May 13, 2025

NUCOR CORPORATION

(Exact name of Registrant as Specified in Its Charter)

Delaware		1-4119		13-1860817
(State or Other Jurisdiction of Incorporation)		(Commission File Number)		(IRS Employer Identification No.)
1915 Rexford Road, Charlotte, NC				28211
(Address of Principal Executive Offices)				(Zip Code)

Registrant’s Telephone Number, Including Area Code: (704) 366-7000

Not Applicable

(Former Name or Former Address, if Changed Since Last Report)

Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligation of the registrant under any of the following provisions:

☐ Written communications pursuant to Rule 425 under the Securities Act (17 CFR 230.425)

☐ Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CFR 240.14a-12)

☐ Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CFR 240.14d-2(b))

☐ Pre-commencement communications pursuant to Rule 13e-4(c) under the Exchange Act (17 CFR 240.13e-4(c))

Securities registered pursuant to Section 12(b) of the Act:

Title of each class		Trading Symbol(s)		Name of each exchange on which registered
Common Stock, par value $0.40 per share		NUE		New York Stock Exchange

Indicate by check mark whether the registrant is an emerging growth company as defined in Rule 405 of the Securities Act of 1933 (§ 230.405 of this chapter) or Rule 12b-2 of the Securities Exchange Act of 1934 (§ 240.12b-2 of this chapter).

Emerging growth company ☐

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐

Explanatory Note

This Amendment No. 1 (this “Amendment”) to the Current Report on Form 8-K filed by Nucor Corporation (the “Company”) on May 14, 2025 (the “Original Form 8-K”) provides supplemental information under Item 1.05 regarding the cybersecurity incident disclosed on the Original Form 8-K, and should be read in conjunction with the Original Form 8-K.

Item 1.05. Material Cybersecurity Incidents.

As disclosed in the Original Form 8-K, the Company recently experienced a cybersecurity incident affecting certain information technology systems used by the Company. The Company’s investigation revealed that a threat actor illegally accessed the Company’s information technology systems. The cybersecurity incident resulted in a temporary limitation of access to portions of the Company’s information technology applications supporting some aspects of the Company’s operations at some of the Company’s facilities, and as noted in the Original Form 8-K, in an abundance of caution, the Company temporarily and proactively halted certain production operations at various locations. The Company’s investigation also determined that the threat actor exfiltrated limited data from the Company’s information technology systems. The Company is reviewing and evaluating the impacted data and will carry out any appropriate notifications to potentially affected parties and to regulatory agencies as required by applicable law.

Upon detecting the unauthorized access, the Company immediately took steps to contain, assess, and remediate the cybersecurity incident, including activating its incident response plan, proactively taking potentially affected systems offline, restoring affected data from backup systems, and implementing other containment, remediation, and recovery measures. The Company also engaged leading external cybersecurity experts to assist with its investigation and recovery efforts and notified federal law enforcement authorities.

Since the filing of the Original Form 8-K, the affected production operations, and access to necessary affected information technology applications, have been restored, and the Company believes that the threat actor no longer has access to the Company’s information technology systems. As part of its remediation efforts, the Company worked with its outside cybersecurity experts to further reinforce its information technology systems and to prevent future unauthorized access.

The cybersecurity incident has not had a material impact, and is not reasonably likely to have a material impact, on the Company’s business operations, and has not had a material impact, and is not reasonably likely to have a material impact, on the Company’s financial condition or results of operations.

Forward-Looking Statements

Certain statements made in this report, or in other public filings, press releases, or other written or oral communications made by Nucor, which are not historical facts are forward-looking statements subject to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995. These forward-looking statements involve risks and uncertainties which we expect will or may occur in the future and may impact our business, financial condition and results of operations. The words “anticipate,” “believe,” “expect,” “intend,” “project,” “may,” “will,” “should,” “could” and similar expressions are intended to identify those forward-looking statements. These forward-looking statements reflect the Company’s best judgment based on current information, and, although we base these statements on circumstances that we believe to be reasonable when made, there can be no assurance that future events will not affect the accuracy of such forward-looking information. As such, the forward-looking statements are not guarantees of future performance, and actual results may vary materially from the projected results and expectations discussed in this report. Factors that might cause the Company’s actual results to differ materially from those anticipated in forward-looking statements include, but are not limited to: the Company’s ongoing assessment of the impacts of the cybersecurity incident, including the Company’s potential discovery of additional information related to the incident in connection with its investigation or otherwise; the Company’s expectations regarding its ability to contain and remediate the cybersecurity incident; the impact of the cybersecurity incident on the Company’s relationships with customers, employees, and governmental regulators; the legal, reputational, and financial risks resulting from the cybersecurity incident, including as may arise from any potential regulatory inquiries and/or litigation to which the Company may become subject in connection with the incident; remediation and other additional costs that may be incurred by the Company in connection with the investigation and remediation of the incident; and the risks discussed in “Item 1A. Risk Factors” of the Company’s Annual Report on Form 10-K for the year ended December 31, 2024, as may be supplemented by “Item 1A. Risk Factors” in the Company’s subsequent Quarterly Reports on Form 10-Q and in the Company’s other periodic and current reports filed with the SEC.

1

SIGNATURES

Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized.

				NUCOR CORPORATION
Date: June 20, 2025				By:		/s/ Stephen D. Laxton
						Stephen D. Laxton
						Chief Financial Officer and Executive Vice President

2

FAQ

What type of cybersecurity incident did NUE experience in May 2025?

According to NUE's 8-K/A filing, the company experienced unauthorized access by a threat actor who illegally accessed their information technology systems. The incident resulted in temporary limitations to IT applications and led to proactive halting of certain production operations at various locations. The threat actor also exfiltrated limited data from the company's IT systems.

Has NUE resolved the May 2025 cybersecurity incident?

Yes, NUE has resolved the incident. The company reports that affected production operations and access to necessary IT applications have been restored. They have confirmed the threat actor no longer has access to their IT systems. The company worked with external cybersecurity experts to reinforce their IT systems and prevent future unauthorized access.

Will the 2025 cybersecurity incident have a material impact on NUE's financial performance?

According to the filing, the cybersecurity incident has not had and is not reasonably likely to have a material impact on NUE's business operations, financial condition, or results of operations.

What immediate actions did NUE take to address the cybersecurity breach in 2025?

NUE took several immediate actions including: 1) activating their incident response plan, 2) proactively taking potentially affected systems offline, 3) restoring affected data from backup systems, 4) implementing containment and recovery measures, 5) engaging leading external cybersecurity experts, and 6) notifying federal law enforcement authorities.

Is NUE required to notify anyone about the data breach from May 2025?

Yes, the filing states that NUE is reviewing and evaluating the impacted data and will carry out appropriate notifications to potentially affected parties and regulatory agencies as required by applicable law.