Data Breaches

Nippon Steel Subsidiary Blames Data Breach on Zero-Day Attack

Nippon Steel Solutions has disclosed a data breach that resulted from the exploitation of a zero-day in network equipment.

Nippon Steel data breach

Japan-based Nippon Steel Solutions on Tuesday disclosed a data breach that resulted from the exploitation of a zero-day vulnerability.

Nippon Steel Solutions, also called NS Solutions, offers cloud, cybersecurity and other IT solutions. The company is a subsidiary of Japanese steel giant Nippon Steel, which recently acquired US Steel in a controversial deal. 

Nippon Steel Solutions said in a statement posted on its Japanese-language website that it detected suspicious activity on some servers on March 7. 

An investigation showed that hackers had exploited a zero-day flaw in unspecified network equipment, and gained access to information on customers, partners and employees. 

In the case of customers, the attackers may have stolen information such as name, company name and address, job title, affiliation, business email address, and phone number. 

The exposed information in the case of partners includes names and business email addresses, while in the case of employees the attackers may have obtained names, business email addresses, job titles, and affiliation. 

Advertisement. Scroll to continue reading.

Nippon Steel Solutions said the information may have been exfiltrated, but to date it has found no evidence of a data leak on the dark web or elsewhere.

The notorious ransomware group BianLian claimed to have stolen hundreds of gigabytes of data from Nippon Steel USA in mid-February, including files related to finances, employees, and production. 

The cybercriminals at the time threatened to leak all of the stolen data, but the group went dark a few weeks later. 

Nippon Steel does not appear to have confirmed a data breach in response to BianLian’s claims and it’s unclear if the two incidents are related.

SecurityWeek has reached out to NS Solutions for clarifications and will update this article if the company responds. 

Related: Steelmaker Nucor Says Hackers Stole Data in Recent Attack

Related: Qantas Data Breach Impacts Up to 6 Million Customers

Related: Ingram Micro Scrambling to Restore Systems After Ransomware Attack

Related Content

Cybercrime

The D1R cybercrime group claimed to have stolen valuable data from Synopsys and Bosch, threatening to leak it unless a ransom is paid. 

Data Breaches

The WorldLeaks extortion group claimed to have stolen 720 GB of data from the healthcare testing and laboratory services provider.

Data Breaches

Hackers exploited a zero-day vulnerability in a third-party system to access a KDDI email system for ISPs.

Data Breaches

Hackers accessed the institution’s internal network and deleted two drives containing employee, student, and university data.

Data Breaches

The professional services giant says it contained the incident, remediated its source, and experienced no operational or service delivery impact.

Cybercrime

In April, ShinyHunters accessed the company’s corporate IT systems and stole patients’ personal and medical information.

Data Breaches

Hackers accessed the insurance giant’s policyholder portal multiple times between June 15 and June 25.

Data Breaches

Only a handful of the 100 organizations targeted in the PeopleSoft campaign have been confirmed.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version