Nippon Steel IT Unit Targeted in Zero-Day Cyberattack

▼ Summary
– NS Solutions, owned by Nippon Steel, confirmed a potential data leak affecting employees, partners, and customers due to a cyber-attack.
– The breach, detected on March 7, 2025, involved a zero-day exploit in network equipment, exposing personal and sensitive information.
– Exposed data included names, business emails, positions, and company details for customers, partners, and employees, but no misuse was confirmed at the time.
– NS Solutions isolated and rebuilt affected systems, restored its internal network, and reported the incident to authorities and partners.
– Nippon Steel, which acquired US Steel for $14.9bn in June 2025, faced political concerns over the deal during the 2024 US election.
A major cyberattack has compromised sensitive data at NS Solutions, the IT services division of Japanese steel giant Nippon Steel. The breach, discovered in early March 2025, involved unauthorized access through an undisclosed vulnerability in network equipment, a classic zero-day exploit that potentially exposed personal information belonging to employees, clients, and business partners.
Investigations revealed that hackers may have accessed names, professional titles, corporate email addresses, and phone numbers across multiple groups. While no evidence yet confirms the stolen data circulating online, the company warns affected parties to remain vigilant against phishing attempts and suspicious communications.
NS Solutions acted quickly to contain the breach by severing external connections to compromised systems. Critical security upgrades followed, including system isolation, infrastructure rebuilding, and enhanced monitoring protocols. Authorities including Japan’s Personal Information Protection Commission were notified, and the firm pledged compliance with national data protection laws to notify impacted individuals.
The incident coincides with Nippon Steel’s contentious $14.9 billion acquisition of US Steel, a deal that drew political scrutiny during the 2024 U.S. election cycle. Cybersecurity experts emphasize that such high-profile mergers often make companies prime targets for sophisticated attacks.
Image: A blurred digital lock symbolizing cybersecurity vulnerabilities, credit: Shutterstock
(Source: InfoSecurity)