Asahi Confirms Cyberattack Exposed Data of 1.5M Customers
Japanese beverage giant Asahi Group Holdings has confirmed new details regarding the ransomware attack that hit late September, in an incident that may have exposed the personal information of more than 1.5 million customers, employees, and business partners.
The company released its full internal investigation results on Nov. 27, describing both how the breach unfolded and the steps being taken to prevent future incidents.
Timeline and scope of the breach
According to Asahi’s internal report, the cyberattack began at around 7:00 a.m. JST on Sep. 29, when systems at one of the company’s data centers were disrupted and encrypted files were discovered on its network.
The company reacted within hours, isolating its network and disconnecting the affected data center in an effort to contain the damage. Unfortunately, by then it was too late, as forensic analysis later revealed that attackers had already infiltrated the network through compromised equipment at a separate Asahi site, deploying ransomware across multiple servers and connected PCs.
The cyberattack resulted in chaos, forcing widespread operational shutdowns with factories across Japan temporarily unable to manage digital workflows. Employees were reportedly forced to revert to manual order processing, disrupting operations and causing drink shortages across Japan. The incident compelled Asahi to delay its full-year financial results to focus on recovery efforts.
Although Asahi hasn’t confirmed the attackers’ identities, the ransomware group Qilin has claimed responsibility. So far, investigators have found no confirmed evidence that any stolen data has been publicly released online, but the potential scope is significant.
Among the potentially affected data are names, addresses, gender, and contact details belonging to approximately 1.52 million customers. Asahi also reported that information tied to about 1.52 million customers could have been exposed, along with data from 107,000 employees, 168,000 family members of staff, and 114,000 outside contacts who interacted with the company. Only 18 employee-related cases have been definitively confirmed, and no credit card information is believed to have been compromised.
Recovery efforts and industry concerns
Asahi spent nearly two months containing the attack by restoring its systems and rebuilding parts of its network. In response to the incident, the company is now rolling out a suite of enhanced security measures, including strengthened network communication controls, upgraded threat-monitoring systems, new backup architectures, and more rigorous employee training. Further governance measures and external cybersecurity audits will also become regular practice.
Still, cybersecurity leaders say the incident points to a worrying pattern.
Chris Dimitriadis, Chief Global Strategy Officer at ISACA, warned that ransomware attacks are becoming faster and more sophisticated, with AI enhancing the speed and precision of criminal tactics.
“The window to detect and stop an attack is shrinking,” Dimitriadis said, stressing the need for organizations to make proactive cybersecurity prevention and training core business priorities, with frequent incident-response exercises and a culture of shared digital responsibility.
Asahi CEO Atsushi Katsuki issued an apology to customers and partners and assured them that product shipments are gradually resuming as operational systems recover, while the company continues to monitor its networks closely and implement additional safeguards to prevent similar incidents in the future.
South Korea’s top crypto exchange, Upbit, suffered a major security breach, losing tens of millions of dollars in digital assets.
About Author
