Bridgestone Americas Under Siege: Cyberattack Disrupts Manufacturing Across North America

Bottom Line Up Front: Bridgestone Americas, the world's largest tire manufacturer by production volume, confirmed a cyberattack on September 2, 2025, that disrupted operations at multiple North American facilities, including plants in South Carolina and Quebec. The company contained the incident early and expects full operational recovery within days, though this marks the second major cyberattack on the tire giant in three years.

Tire manufacturing giant Bridgestone Americas has fallen victim to a sophisticated cyberattack that temporarily crippled operations at several key North American production facilities. The incident, which began over the Labor Day weekend, forced the company to implement emergency protocols and highlights the growing vulnerability of critical manufacturing infrastructure to cyber threats.

Attack Timeline and Immediate Response

The cyberattack first became apparent on Tuesday, September 2, 2025, when reports surfaced about a cybersecurity incident impacting two of BSA's production facilities in Aiken County, South Carolina. By Wednesday, Canadian media outlets reported similar disruptions at BSA's manufacturing facility in Joliette, Quebec.

Bridgestone's response was swift and decisive. "Bridgestone Americas continues to investigate a limited cyber incident impacting some of our manufacturing facilities," the company stated. "Our team responded quickly to contain the issue in keeping with our established protocols."

Discovery and Containment

According to security reports, At approximately 2:00 AM local time on Tuesday, Bridgestone's security team detected unusual network traffic and unauthorized access attempts on its internal production control systems—specifically, its SCADA (Supervisory Control and Data Acquisition) network segment. The company's cybersecurity framework, comprising multi-factor authentication (MFA), network segmentation, and continuous security monitoring, enabled rapid identification of the breach.

The company believes that its rapid response contained the attack at its early stages, preventing customer data theft or deep network infiltration. Bridgestone maintains confidence that "we were able to contain this limited cyber incident early" and that "no customer data or interfaces were compromised."

Facilities Affected and Operational Impact

South Carolina Operations

The attack significantly impacted Bridgestone's two major facilities in Aiken County, South Carolina. These plants, which are critical components of the company's North American tire production network, were forced to temporarily halt normal operations. At the affected plants, employees whose normal duties were stopped were reportedly given a choice: stay on-site to perform preventive maintenance for a full day's pay or go home without pay.

Quebec Manufacturing Hub

The disruption extended to Bridgestone's substantial manufacturing facility in Joliette, Quebec, which employs approximately 1,400 workers. In the city of Joliette, in the Canadian province of Quebec, a Bridgestone facility employing 1400 has halted operations since August 31, according to several local media outlets.

The Quebec facility suspension was particularly notable, with an internal memo reportedly sent to the plant's 1400 employees alerting them the facility's operations were suspended on Sunday. Joliette Mayor Pierre-Luc Bellerose, who contacted company executives directly, believes all North American plants were affected by the incident.

Employee Compensation and Support

Recognizing the disruption to workers' livelihoods, Bridgestone took steps to minimize the financial impact on employees. After being told to stay home and fearing the risk of not being paid, the employees of the Joliette plant will receive CAD$200 per day (USD$145), Le Journal de Montreal reported. This approach demonstrates the company's commitment to maintaining workforce stability during the crisis.

Company Profile and Strategic Importance

Bridgestone Americas represents a massive industrial operation with significant economic impact across North America. BSA operates 50 production facilities and employs 55,000 people, representing roughly 43% of Bridgestone Corporation's total size. In 2024, BSA alone delivered $12 billion in sales and $1.2 billion in operating profit.

Founded in 1931 and headquartered in Nashville, Tennessee, Bridgestone Americas serves as the parent company of Firestone and maintains 13 corporate offices across North and South America, including operations in Canada, Mexico, Brazil, Argentina, and Costa Rica. The company boasts nearly three dozen manufacturing plants across the Americas, making it a critical component of the continental automotive supply chain.

Historical Context: The 2022 LockBit Attack

This incident marks the second major cybersecurity challenge for Bridgestone in recent years. The company suffered a significant ransomware attack in 2022 that also forced production to a halt and was attributed to the LockBit hacking group.

2022 Attack Timeline

The previous attack provides important context for understanding Bridgestone's current vulnerabilities:

• February 27, 2022: Bridgestone Americas detected an IT security incident and began investigating a potential information security incident
• March 9, 2022: All plants operated by Bridgestone Americas had resumed normal operations—ten days after the cyberattack derailed work at factories
• March 11, 2022: The LockBit ransomware gang claimed responsibility and threatened to leak stolen data

Lessons from 2022

The 2022 ransomware attack had significant consequences. Bridgestone later disclosed that the cyberattackers had accessed business records as well as files containing Social Security numbers, bank information, and other sensitive data on some of its customers. The attack forced the company to shut down its networks at manufacturing and retreading facilities in North America and Latin America for several days.

Tom Corridon, Bridgestone Americas' CISO, later reflected on the experience: "When you want to pull a lever, when you want to make a decision about disconnecting networks, or paying a ransom, who makes those decisions? To know that going in is really, really important because then you are not caught flatfooted."

Current Investigation and Attribution

As of the time of writing, no ransomware groups have assumed responsibility for the attack at Bridgestone Americas. However, cybersecurity experts note similarities to recent high-profile attacks. The exact nature of the attack is currently unknown, and no threat group has taken formal responsibility.

Some security analysts have drawn parallels to the recent surge in manufacturing-focused cyberattacks. However, it's worth noting that a group called Scattered Lapsus$ Hunters has been particularly active in recent weeks, claiming responsibility for attacks on other major companies like Jaguar Land Rover and Salesforce.

Attack Characteristics

Paul Bischoff, consumer privacy advocate at Comparitech, recognizes that this attack has many of the hallmarks of a ransomware attack, although ransomware hasn't been confirmed as the culprit yet. "Bridgestone suffered a previous ransomware attack in 2022 by LockBit, which would make this the second time that the company fell victim to ransomware. This attack actually disrupted the company's manufacturing facilities, not just non-essential stuff like communications, sales, and payroll, like we see with most attacks."

Supply Chain and Economic Implications

The attack's timing and scope raise significant concerns about supply chain resilience in the automotive and transportation sectors. The company stated that its staff is working around the clock to mitigate the impact and minimize the fallout in the supply chain, which could lead to product shortages in the market.

Manufacturing Sector Vulnerabilities

Rebecca Moody, head of data research at Comparitech, noted in an August ransomware roundup report that manufacturers are facing an increasing number of ransomware attacks (figures rose by 57 percent from July to August). "Manufacturers are a prime target for hackers due to the amount of disruption they can cause by encrypting systems–something we're also seeing with Jaguar Land Rover in the UK."

Industry-Wide Concerns

Chris Hauk, a consumer privacy champion at Pixel Privacy, observed: "We can expect to continue to see cyber-attacks on companies like this, attacks that aren't aimed at stealing data but that target their manufacturing facilities." This shift from data theft to operational disruption represents a significant evolution in cybercriminal tactics.

Recovery Efforts and Business Continuity

Bridgestone has demonstrated a methodical approach to recovery while maintaining transparency about the ongoing investigation. The company expects operations to return to normal within days. "Although some plants were impacted, we have been methodically returning them back to full operation without incident and expect this to be completed over the coming days," according to a company spokesperson.

Forensic Investigation

The company has launched a comprehensive forensic analysis to understand the full scope and nature of the incident. "While our forensic analysis is ongoing, we remain confident that we were able to contain this limited cyber incident early," Bridgestone stated.

Bridgestone is working with external cybersecurity specialists to investigate the incident, though the company has not disclosed which firms are assisting with the investigation—a contrast to the 2022 incident when the company publicly acknowledged working with Accenture Security.

Expert Analysis and Industry Response

Cybersecurity experts have provided valuable insights into the broader implications of this attack for the manufacturing sector.

Operational Technology Risks

Erich Kron, Security Awareness Advocate at KnowBe4, explained the critical challenge for manufacturers: "Even a minor attack can require a shutdown of production lines, which is a complex process. He stressed the need for a solid business continuity plan and a human risk management program to combat social engineering attacks like phishing, which are often the entry point for malware."

Prevention and Preparedness

The incident underscores the importance of robust cybersecurity measures in manufacturing environments. Modern industrial facilities rely heavily on interconnected systems that combine traditional operational technology (OT) with information technology (IT), creating multiple potential attack vectors.

Broader Industry Context

The Bridgestone attack is part of a troubling trend affecting the manufacturing sector. The incident occurred around the same time as major cyberattacks on other prominent manufacturers, including Jaguar Land Rover, which suffered a devastating attack that halted global production.

Manufacturing as a Target

The manufacturing sector has become increasingly attractive to cybercriminals for several reasons:

1. High Disruption Potential: Manufacturing shutdowns create immediate and visible impact
2. Supply Chain Dependencies: Attacks can cascade through interconnected supply networks
3. Critical Infrastructure: Many manufacturing facilities are considered critical infrastructure
4. Ransom Pressure: The cost of downtime often exceeds ransom demands

Regulatory and Compliance Considerations

While Bridgestone has not disclosed whether it has notified regulatory authorities about this incident, the company's experience with the 2022 attack likely informed its compliance approach. The previous incident resulted in mandatory breach notifications to state attorneys general and affected customers.

Data Protection Measures

Bridgestone's assertion that "no customer data or interfaces were compromised" suggests the company's data protection measures may have been more effective in this incident compared to the 2022 breach, which involved the theft of customer personal information including Social Security numbers and bank information.

Looking Forward: Lessons and Implications

The Bridgestone cyberattack serves as a stark reminder of the evolving threat landscape facing critical manufacturing infrastructure. The incident highlights several key considerations for the industry:

Cybersecurity Investment

Despite the 2022 attack and subsequent security improvements, Bridgestone again found itself targeted by cybercriminals. This pattern suggests that even companies with recent attack experience and presumably enhanced security measures remain vulnerable to sophisticated threats.

Operational Resilience

The company's ability to quickly contain the attack and maintain employee compensation during the disruption demonstrates the importance of robust business continuity planning. Bridgestone's approach of offering affected employees alternative work or compensation helped maintain workforce stability during the crisis.

Threat Evolution

The shift from purely data-focused attacks to operational disruption represents a significant evolution in cybercriminal tactics. As Chris Hauk noted, attacks "that aren't aimed at stealing data but that target their manufacturing facilities" are becoming increasingly common.

Recovery and Future Preparedness

As Bridgestone works to fully restore operations and complete its forensic investigation, the incident will likely inform future cybersecurity strategies across the manufacturing sector. The company's experience navigating two major cyberattacks in three years positions it as a case study for industrial cybersecurity resilience.

Industry-Wide Implications

The attack reinforces the need for comprehensive cybersecurity strategies that protect not just data, but operational continuity. As manufacturing becomes increasingly digitized and interconnected, the potential for cascading disruptions grows exponentially.

Key Takeaways:

• Rapid Response: Bridgestone's quick containment prevented deeper network infiltration
• Employee Support: The company maintained workforce stability through alternative work arrangements and compensation
• Operational Impact: Multiple facilities across two countries were affected, highlighting supply chain vulnerabilities
• Historical Pattern: This marks the second major cyberattack on Bridgestone in three years
• Industry Trend: Manufacturing facilities are increasingly targeted for operational disruption rather than just data theft

Company Statistics:

• Scale: 50 production facilities, 55,000 employees
• Revenue: $12 billion in sales, $1.2 billion in operating profit (2024)
• Coverage: 43% of Bridgestone Corporation's total operations
• Facilities Affected: Plants in South Carolina and Quebec confirmed

This incident underscores the critical importance of robust cybersecurity measures and business continuity planning in protecting vital manufacturing infrastructure from increasingly sophisticated cyber threats.