Nippon Steel Solutions experienced a significant data breach involving a zero-day cyber attack that exploited a previously unknown software vulnerability in their network infrastructure. The breach, detected on March 7, 2025, compromised customer, partner, and employee personal information. The attack specifically targeted network equipment vulnerabilities before patches were available, making it particularly challenging to defend against. The compromised data includes names, organizational affiliations, job titles, company addresses, business email addresses, phone numbers, and employee department information. Despite the breach, the company’s cloud services remain unaffected. Nippon Steel has taken comprehensive measures to address the breach and prevent future incidents, including consulting with law enforcement, notifying affected parties, and implementing enhanced security measures.
Source: https://cybersecuritynews.com/nippon-steel-solutions-0-day-network-vulnerability/
TPRM report: https://scoringcyber.rankiteo.com/company/nsidn
"id": "nsi614070925",
"linkid": "nsidn",
"type": "Vulnerability",
"date": "7/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Steel and Manufacturing',
'name': 'Nippon Steel Solutions',
'type': 'Company'}],
'attack_vector': 'Zero-day Exploit',
'data_breach': {'personally_identifiable_information': True,
'type_of_data_compromised': ['Customer names, company names, '
'organizational affiliations, '
'job titles, company addresses, '
'business email addresses, phone '
'numbers',
'Partner names and business '
'email addresses',
'Employee names, department '
'information, positions, '
'business email addresses']},
'date_detected': 'March 7, 2025',
'description': 'Nippon Steel Solutions has disclosed a significant data '
'breach affecting customer, partner, and employee personal '
'information following a zero-day cyber attack that exploited '
'a previously unknown software vulnerability in their network '
'infrastructure.',
'impact': {'data_compromised': ['Customer names, company names, '
'organizational affiliations, job titles, '
'company addresses, business email addresses, '
'phone numbers',
'Partner names and business email addresses',
'Employee names, department information, '
'positions, business email addresses'],
'systems_affected': 'Internal network systems'},
'initial_access_broker': {'entry_point': 'Network equipment vulnerabilities'},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'corrective_actions': ['Isolating and '
'reconstructing compromised '
'devices',
'Implementing enhanced exit '
'monitoring systems',
'Deploying advanced '
'behavioral detection '
'capabilities',
'Strengthening overall '
'security posture'],
'root_causes': 'Previously unknown software '
'vulnerability in network '
'infrastructure'},
'references': [{'source': 'Nippon Steel Solutions'}],
'regulatory_compliance': {'regulatory_notifications': 'Personal Information '
'Protection Commission'},
'response': {'communication_strategy': ['Individually notifying affected '
'customers, partners, and employees',
'Advising affected individuals to '
'remain vigilant regarding suspicious '
'communications'],
'containment_measures': ['Isolating compromised systems from the '
'network'],
'enhanced_monitoring': True,
'law_enforcement_notified': True,
'remediation_measures': ['Reconstructing compromised devices',
'Implementing enhanced exit monitoring '
'systems',
'Deploying advanced behavioral '
'detection capabilities',
'Strengthening overall security posture '
'with additional protective measures'],
'third_party_assistance': 'External cybersecurity specialists'},
'threat_actor': 'Unauthorized third-party actors',
'title': 'Nippon Steel Solutions Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Previously unknown software vulnerability in '
'network infrastructure'}