Cyber Incident Victim: Nyrstar

On January 22, 2019, Belgian metals producer Nyrstar experienced a cyber-attack that disrupted its information technology infrastructure. The company responded by proactively shutting down certain IT systems, including email services, to contain the incident. This action was taken as a precautionary measure to prevent further spread or escalation of the attack within their network environment. Nyrstar confirmed that its core industrial operations—including metals processing facilities and mining activities—remained unaffected by the cybersecurity incident, with no physical damage reported to production assets. The company issued a public statement on the same day acknowledging the attack and outlining initial containment steps. No specifics were provided regarding the attack vector, duration of system compromises, or identity of threat actors.

Nyrstar immediately engaged key IT partners and global cybersecurity agencies to develop a technical recovery plan following containment of the breach. The collaboration aimed to restore affected systems while maintaining operational continuity across its industrial sites. The company did not disclose whether data exfiltration occurred, financial losses were incurred, or customer operations were impacted by the IT shutdown. Throughout the incident response, Nyrstar maintained that production outputs and metallurgical processes continued without interruption, indicating successful isolation of operational technology (OT) networks from compromised IT infrastructure. Recovery efforts focused exclusively on business systems rather than industrial control environments, with no reported extensions to supply chain partners or subsidiary locations.