Asahi Group Holdings has confirmed that a ransomware attack, which disrupted its operations in late September, led to the exposure of personal data affecting over 1.5 million individuals.
The announcement, released earlier today following the conclusion of a formal investigation, sheds new light on the scale and specifics of the breach attributed to the Qilin ransomware group.
The breach was first detected on September 29, 2025, when encrypted files were discovered on Asahi's internal systems. According to the company's timeline, network isolation measures were initiated within four hours, but not before the attackers had already deployed ransomware across multiple servers and endpoints via compromised network equipment at a Japanese group site. External cybersecurity experts assisted in tracing the infection chain and analyzing the extent of the compromise, which was limited to systems managed in Japan.
Qilin, a ransomware operation known for its links to other major threat actors like Scattered Spider and potentially North Korean hacking groups, claimed responsibility for the attack in early October by listing Asahi on its leak site. The group alleged it had stolen 27GB of sensitive data, including financial records, internal reports, employee IDs, and contracts. Sample images posted online substantiated the claim, though Asahi initially withheld confirmation of any data leak pending the completion of forensic investigations.
Founded in Tokyo and operating as Japan's largest brewery, Asahi employs 30,000 people and generates approximately $20 billion in annual revenue. The September attack forced the company to halt operations at six facilities and delayed product launches, resulting in significant financial and supply chain disruptions. The company's flagship beer, “Super Dry,” only resumed production after the deployment of a manual workaround system.
As per today's disclosure, the personal information of several categories of individuals was either exposed or at risk:
- 1,525,000 individuals who contacted customer service across Asahi Breweries, Soft Drinks, and Group Foods divisions had data such as names, addresses, phone numbers, and emails potentially compromised.
- 114,000 external contacts who received ceremonial telegrams from Asahi had their basic personal details exposed.
- 107,000 employees and retirees had sensitive personal and contact information at risk.
- 168,000 family members of employees and retirees had partial data — name, birth date, and gender — compromised.
The company confirmed that no credit card information was affected, and emphasized that, as of now, there is no evidence that the stolen data has been publicly leaked online.
In response to the attack, Asahi initiated a multi-phase recovery process that lasted approximately two months. Restoration efforts included isolating and verifying affected systems, rebuilding network infrastructure, and enhancing threat detection capabilities. The final report was submitted to Japan's Personal Information Protection Commission yesterday.
Leave a Reply