Bridgestone Americas (BSA) is investigating a cyberattack that disrupted operations at select manufacturing sites. The incident became public on September 2, 2025, after interruptions were reported at two plants in Aiken County, South Carolina. On September 3, Canadian outlets noted similar issues at the Bridgestone facility in Joliette, Quebec. The company describes the event as a limited cyber incident impacting a subset of production assets.
What happened: limited disruption across North American plants
Bridgestone is one of the world’s largest tire and rubber manufacturers. Bridgestone Americas accounts for roughly 43% of the corporation’s scale, overseeing about 50 manufacturing sites and more than 55,000 employees. BSA said it acted quickly to contain the issue in line with established protocols and continues digital forensics to understand root cause and scope.
Company statement and initial containment
BSA reports no evidence of customer data compromise or exposure of external interfaces. The company emphasizes around-the-clock efforts to minimize operational impact, maintain supply commitments, and restore normal manufacturing safely.
Operational risk: IT/OT exposure and supply chain pressure
Even “limited” outages in tire manufacturing can ripple through OEM assembly schedules and the aftermarket. A common industrial response to cyber incidents is a preventive production pause to stop an IT-borne threat from propagating into operational technology (OT) environments. OT systems run physical processes; isolating them from IT is a core control recommended by CISA and NIST SP 800-82, which advocate strict network segmentation and controlled data flows.
Context: parallel pressure on the automotive ecosystem
The Bridgestone investigation aligns in timing with a separate attack on Jaguar Land Rover (JLR), which affected production and retail operations. Threat actors linked to Scattered Spider, LAPSUS$, and Shiny Hunters claimed responsibility for JLR under a banner calling itself Scattered LAPSUS$ Hunters and threatened additional actions against Vodafone UK. No group has publicly claimed the Bridgestone incident; any attribution would be premature.
Why manufacturing remains a primary cyber target
Manufacturing has been the most attacked sector in recent years, according to independent analyses by IBM X-Force and ENISA. Dragos’ ICS/OT Year in Review similarly notes that the majority of ransomware events impacting industrial operations involve manufacturers. The core driver is downtime cost: every hour offline compounds through just-in-time logistics and thin inventory buffers.
Common intrusion vectors in industrial environments
Operators of ransomware and data-extortion campaigns frequently leverage compromised identities, misuse of remote access, and supplier ecosystem footholds for lateral movement. Even without direct manipulation of OT controllers, an “IT blast radius” can force an operational standstill while teams validate the integrity of MES, ERP, and supervisory systems before resuming production.
Recommendations: OT security controls that reduce dwell time and downtime
Segment IT/OT by default deny. Enforce strict ACLs, L4/L7 firewalls, and an industrial DMZ for brokered data exchange between business and plant networks (per NIST SP 800-82 and IEC 62443).
Harden remote access. Require MFA, least privilege, vendor session monitoring, and time-bound access tokens instead of static VPN credentials.
Enhance detection and response. Deploy EDR/XDR in IT, passive ICS network detection (NDR) in OT, and tested SOAR playbooks. Conduct regular cross-functional tabletop exercises with plant leadership.
Backups built for ransomware. Maintain isolated, immutable backups and regularly test recovery to the last known-good state for OT-supporting systems.
Prioritized vulnerability management. Focus first on internet-exposed services and “crown-jewel” applications; apply compensating controls where OT patching is constrained. Tighten supplier and integrator access governance.
Asset visibility and allow-listing. Keep an up-to-date inventory, detect unauthorized devices, and use application allow-listing on industrial hosts.
The Bridgestone case underscores a consistent lesson: resilience in modern manufacturing depends as much on mature cyber readiness as on production excellence. Organizations that invest in IT/OT segmentation, continuous monitoring, rehearsed incident response, and isolated backups typically cut recovery time and cost. Use this event as a trigger for a fast audit—validate vendor remote access, revisit isolation playbooks, and prove you can safely restore critical plant-support systems “by tomorrow morning.”
