Japanese office supplies company Askul has confirmed that customer data was stolen during a cyberattack linked to the RansomHouse extortion group. The company said the incident resulted in the unauthorised extraction of information relating to about 740,000 customers. Askul disclosed the breach after an internal investigation found evidence that data had been taken from its systems.
According to Askul, the compromised information includes customer names, addresses, phone numbers, email addresses, and order-related details. The company stated that payment card information and passwords were not included in the stolen dataset. Askul said it identified the breach after detecting suspicious activity on its network and immediately took steps to contain the incident and limit further access.
The RansomHouse group later claimed responsibility for the attack and said it had obtained customer records from Askul’s systems. The group is known for data theft and extortion rather than file encryption. Askul confirmed that the attackers gained unauthorised access and copied data, although the company did not disclose technical details about how the intrusion occurred.
Askul said affected customers will be notified directly and provided with guidance on how to protect themselves from potential misuse of their information. The company warned that exposed contact details could be used for phishing or other fraudulent activity and advised customers to be cautious of unexpected messages claiming to be linked to the incident.
The company also reported the breach to relevant authorities and said it is cooperating with law enforcement. Askul stated that it has engaged external cybersecurity specialists to assist with the investigation and to review its security controls. Measures taken include strengthening system monitoring, restricting access to sensitive data, and reviewing internal processes to prevent similar incidents.
While Askul said there is no evidence at this stage that the stolen data has been misused, security specialists note that personal and order-related information can still pose risks. Such data may be used to craft targeted scams that appear credible because they reference real purchases or customer details. Experts often advise affected individuals to remain alert for suspicious emails or calls following a breach.
The incident adds to a growing number of cases where ransomware and extortion groups focus on data theft rather than operational disruption. These groups often seek to pressure organisations by threatening to publish stolen information if demands are not met. Companies targeted in such attacks may face reputational damage even when core services remain operational.
Askul said it will continue to provide updates as the investigation progresses. The company apologised for the incident and stated that improving the protection of customer information remains a priority.