Nippon Steel Hit by Zero-Day Cyberattack, Exposing Data of 100K+ Employees & Partners

One of the world’s largest steel manufacturing conglomerates, the Japanese company Nippon Steel, has reported a large-scale cyberattack during which hackers gained unauthorized access to data belonging to clients, employees, and business partners. The vulnerability was exploited on March 7, and the nature of the incident points to a zero-day attack.

According to official statements, the breach may have compromised information related to hundreds of international partners, over 100,000 employees, and an undisclosed number of clients. Among the exposed data were names, business addresses, job titles, corporate email addresses, and phone numbers—covering both ongoing transactions and finalized contracts.

The company emphasized that its cloud services provided to customers were unaffected, and that the malicious activity was swiftly contained: the affected server was disconnected from the network, and the fallout mitigated with the assistance of external cybersecurity specialists.

Yet questions are mounting within the industry—this marks the second security incident involving Nippon Steel in 2025 alone. In February, the cybercriminal group BianLian claimed responsibility for breaching the company’s U.S. division and exfiltrating over 500 GB of data, including financial records, client databases, internal documents, and contact details for top executives, including the CEO and company president.

A curious detail: shortly after the data was published on BianLian’s leak site, the page vanished. This has fueled speculation that Nippon Steel may have paid a ransom—a hallmark of the double extortion model, in which attackers first demand payment for data decryption, and then threaten renewed exposure or re-attack.

It remains unclear whether the two incidents are directly connected. Technically, however, the exploit used in March was indeed novel; the company clarified that it involved “a zero-day vulnerability in network hardware.”

What is known about the affected individuals:

• Clients: Name, company, job title, business address, email, phone number
• Partners: Name, corporate email address
• Employees: Name, department, position, work email

As of now, there is no evidence that the compromised data has appeared on public forums or dark web marketplaces. Nevertheless, the company has warned all affected individuals to remain vigilant against suspicious emails and calls, as targeted phishing campaigns are a distinct possibility.

Nippon Steel has already notified its internal business units and begun distributing breach notifications to potential victims—a process still underway for some.

The breach occurred just weeks after Nippon Steel finalized its acquisition of U.S. Steel, the American industrial giant. The merger had already stirred significant debate, and its execution was postponed shortly before the first cyberattack in February. Now, cybersecurity threats appear to have become a tangible risk to the company’s global infrastructure—and there are no assurances that further attacks won’t follow.

Indeed, threat actors are increasingly employing double extortion tactics, and paying the ransom offers no guarantee of long-term data security. This is precisely why large enterprises must remain ever vigilant in the digital arena.