Asahi Group Holdings has confirmed that it experienced a cyberattack that disrupted operations and may have exposed personal data for a large number of people. The company said that systems used for shipping, order processing and customer support were affected. It reported that the intrusion involved ransomware and that unauthorised data transfers were detected before systems were isolated. Asahi disclosed that the attack caused delays across its business in Japan and required a shift to manual processes for key functions.
The ransomware group known as Qilin claimed responsibility for the attack. On 7 October, the group published material that it said had been taken from Asahi’s internal systems. The group claimed that about 27 GB of data had been stolen. The data set described by the group included business contracts, files related to operations, financial information and documents that appeared to contain employee details. The group also stated that it held more than 9,300 files taken during the intrusion.
Asahi later reported that personal data belonging to different categories of individuals may have been affected. According to company statements, the breach may have exposed information for about 1.525 million customers who had contacted Asahi’s customer service centres. The company also said that about 114,000 external contacts, including individuals who had received telegrams sent by Asahi, may have been affected. In addition, about 107,000 current or former employees and 168,000 family members may have had their information included in the compromised data.
The company said that the personal information that may have been exposed included names, addresses, phone numbers and email addresses. In certain cases, dates of birth and gender may also have been part of the data set. Asahi noted that the investigation was still underway and that the company would notify all individuals whose data had been identified in the breach.
Operations across Asahi’s Japanese facilities were interrupted. Production at six breweries was paused while systems were restored. Distribution functions were forced to rely on phone and fax communication while digital systems were offline. These measures slowed logistics and reduced the company’s ability to meet normal demand. Asahi said that work to restore systems and review security controls began as soon as the breach was detected.
The company confirmed that ransomware was used in the attack, but has not released further details about the method used to gain access. It has stated that it is reviewing its security measures and considering additional protections to prevent similar incidents. It also said that it is cooperating with external partners to identify the full extent of the breach.
Although production has resumed, Asahi continues to assess the scale of the compromise. The company said that it is focusing on identifying the individuals whose personal data was affected and evaluating how to strengthen internal safeguards. It advised anyone who may have had data exposed to remain cautious when receiving unsolicited communication that requests personal information.
Asahi has said that it will release further updates once the investigation progresses and that it will implement measures to prevent similar events. The company has also encouraged customers and contacts to watch for suspicious messages and to take steps to protect their personal information.