# Nippon Steel Solutions Hit by Zero-Day Data Breach Attack

**A Subsidiary of Japan's Largest Steel Company Falls Victim to Sophisticated Cyber Attack**

In a shocking disclosure, Nippon Steel Solutions, a subsidiary of Japan's largest steel company, Nippon Steel, recently revealed that it had suffered a data breach caused by hackers exploiting a zero-day vulnerability in its network equipment. This devastating cyber attack exposed sensitive personal data belonging to customers, partners, and employees.

**The Breach: A Zero-Day Attack**

On March 7, 2025, Nippon Steel Solutions detected suspicious server activity, which prompted an immediate investigation. The results of this investigation revealed that the company's internal network had been subjected to a zero-day attack, allowing unauthorized access to its systems. An investigation into the breach found that the hackers had exploited a software vulnerability in the company's network equipment, leading to potential leaks of personal data.

**A Message from Nippon Steel Solutions**

In a public statement, the company expressed its deepest apologies for the inconvenience and concern caused by this incident. "We have recently discovered that our company's internal network was subject to unauthorized access (zero-day attack) due to a software vulnerability, and that some of the personal information of our customers, partners, and employees held by our company may have been leaked to the outside." The statement continues, "After detecting the unauthorized access, we promptly took measures such as restricting access from outside, and cooperated with external specialist agencies to investigate the intrusion route, the scope of the impact, and the cause analysis, while also working with business partners to take the necessary measures."

**A Response to Concerns**

The company has reassured affected parties that it has notified them about the breach and is cooperating with external agencies to address the incident. Notably, Nippon Steel Solutions stated there was no evidence of information leaking on social media or the dark web. However, the company recommends that users be cautious when responding to suspicious phone calls or emails they do not recognize.

**Measures Taken by the Company**

Following the breach, Nippon Steel Solutions has taken significant steps to rectify the situation and strengthen its network security. With advice from external experts, the company has:

* Isolated and reconstructed devices that were illegally accessed * Implemented additional measures to address remaining risks, such as strengthening exit measures and behavior detection * Restored the safety of its internal network

**The Context: Nippon Steel's Acquisition of US Steel**

This data breach incident comes amidst Nippon Steel's acquisition of US Steel. The complexity of this acquisition highlights the potential vulnerabilities in companies undergoing significant mergers and acquisitions.

Stay informed about cybersecurity threats by following me on Twitter (@securityaffairs), Facebook, and Mastodon (SecurityAffairs – hacking, Nippon Steel Solutions).