Japanese beer giant Asahi says ransomware attack may have exposed data of 1.5 million people
Japanese brewer Asahi said on Thursday that a ransomware attack on its systems earlier this year may have exposed the personal data of about 1.5 million customers, as well as thousands of employees, their family members and external contacts.
The company said the compromised information includes names, gender, addresses and phone numbers, but not credit-card details. Asahi has seen no evidence the data has been published online and said the impact appears limited to systems managed in Japan.
The disclosure follows a two-month investigation into the late-September incident, which forced production shutdowns, delayed product launches and disrupted order processing and shipping nationwide — causing shortages of Asahi’s beer and soft drinks. The company controls roughly 40% of Japan’s beer market, including its flagship Super Dry brand.
According to Asahi, attackers infiltrated its data-center network via equipment at one of its domestic sites and deployed ransomware that encrypted several active servers and personal computers. Some employee laptops on loan from the company were also compromised.
Asahi said it has spent roughly two months containing the attack and is gradually restoring shipments. It aims to normalize logistics operations by February, although some products will continue to face delays. The company has also pushed back its annual financial results by 50 days due to disruptions in its accounting systems.
“We will do our utmost to fully restore our systems as quickly as possible,” President Atsushi Katsugi said, adding that the company is implementing new security measures to prevent a recurrence.
Asahi did not identify the attacker, but in October the Russian-speaking Qilin ransomware gang claimed responsibility, alleging it stole financial data, employee records and internal forecasts. Asahi’s CEO said Thursday the company has not paid a ransom.
Qilin, active since 2022, operates a ransomware-as-a-service model and has previously targeted hospitals, government agencies and private firms.
Japan has faced several major cyber incidents in recent months. Office-supply retailer Askul said data on customers and suppliers was leaked after an October ransomware attack claimed by the RansomHouse group. Other victims include logistics provider Kintetsu World Express, mobile carrier NTT Docomo and media conglomerate Kadokawa.
Daryna Antoniuk
is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.