Nippon Steel Solutions Corporation (NSSOL), a leading IT services subsidiary of Nippon Steel, has disclosed a significant data breach resulting from a sophisticated cyberattack. The incident, which came to light in early March 2025, was traced to hackers exploiting a previously unknown zero-day vulnerability in the company’s network equipment.
Incident Details
According to an official statement from NSSOL, suspicious activity was first detected on March 7, 2025. The company’s cybersecurity team responded swiftly, isolating the affected server from the rest of the network to prevent further unauthorized access. Subsequent investigations revealed that attackers had gained entry by leveraging a zero-day flaw—an unpatched vulnerability that was previously unknown to the equipment manufacturer and security community.
Impact and Affected Data
NSSOL confirmed that the breach exposed sensitive internal information. The compromised data potentially includes names, company affiliations, job titles, physical addresses, business email addresses, and phone numbers. Individuals affected by the breach may include customers, business partners, and employees.
Importantly, NSSOL emphasized that its cloud services provided to customers were not impacted by this incident. The company is continuing to assess the full scope of the breach and has not found evidence that any stolen data has been published on the dark web as of this report.
Response and Ongoing Investigation
In response to the breach, NSSOL immediately restricted external access to its systems and engaged external cybersecurity experts to conduct a comprehensive investigation. The company is working closely with business partners and relevant authorities to determine the precise cause and extent of the breach.
Due to the ongoing nature of the investigation, NSSOL has not disclosed specific details regarding the exploited vulnerability or the identity of the attackers.
