Nucor Corporation (the “Company”) recently identified a cybersecurity incident involving unauthorized third party access to certain information technology systems used by the Company. Upon detecting the incident, the Company began promptly taking steps to contain and respond to the incident, including activating its incident response plan, proactively taking potentially affected systems offline and implementing other containment, remediation, or recovery measures. The Company is actively investigating the incident with the assistance of leading external cybersecurity experts and has notified federal law enforcement authorities. As of the date of this filing and in an abundance of caution, the Company temporarily and proactively halted certain production operations at various locations. However, the Company is currently in the process of restarting the affected operations.
As the investigation of the incident is ongoing, the Company will continue to monitor the timing and materiality of the incident.
Certain statements made in this report, or in other public filings, press releases, or other written or oral communications made by Nucor, which are not historical facts are forward-looking statements subject to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995. These forward-looking statements involve risks and uncertainties which we expect will or may occur in the future and may impact our business, financial condition and results of operations. The words “anticipate,” “believe,” “expect,” “intend,” “project,” “may,” “will,” “should,” “could” and similar expressions are intended to identify those forward-looking statements. These forward-looking statements reflect the Company’s best judgment based on current information, and, although we base these statements on circumstances that we believe to be reasonable when made, there can be no assurance that future events will not affect the accuracy of such forward-looking information. As such, the forward-looking statements are not guarantees of future performance, and actual results may vary materially from the projected results and expectations discussed in this report. Factors that might cause the Company’s actual results to differ materially from those anticipated in forward-looking statements include, but are not limited to: the Company’s ongoing assessment of the impacts of the cybersecurity incident, including the Company’s potential discovery of additional information related to the incident in connection with its investigation or otherwise; the Company’s expectations regarding its ability to contain and remediate the cybersecurity incident; the impact of the cybersecurity incident on the Company’s relationships with customers, employees, and governmental regulators; the legal, reputational, and financial risks resulting from the cybersecurity incident, including as may arise from any potential regulatory inquiries and/or litigation to which the Company may become subject in connection with the incident; remediation and other additional costs that may be incurred by the Company in connection with the investigation and remediation of the incident; and the risks discussed in “Item 1A. Risk Factors” of the Company’s Annual Report on Form
10-K
for the year ended December 31, 2024, as may be supplemented by “Item 1A. Risk Factors” in the Company’s subsequent Quarterly Reports on Form
10-Q
and in the Company’s other periodic and current reports filed with the SEC.