Asahi Says Cyber-Attack May Have Exposed Data of 1.5 Million Customers
Japanese beverage giant Asahi has confirmed that a major cyber-attack that struck its operations in September may have exposed the personal information of more than 1.5 million customers, along with data belonging to employees and business partners.
In a newly released update on its investigation, the company said the ransomware attack severely disrupted operations at multiple factories across Japan, forcing staff to revert to manual order-taking as systems went offline. Asahi noted that the breach likely compromised customer service records, and those affected would soon receive direct notifications.
The company has postponed the release of its full-year financial results, saying resources are being redirected to manage the aftermath of the attack and bolster cybersecurity systems.
While Asahi did not confirm who was behind the breach, ransomware group Qilin – known for previous attacks on large corporations – publicly claimed responsibility shortly after the incident.
According to Asahi’s preliminary findings, the breach began on 29 September when unusual activity was detected at one of its data centres. Although the affected system was isolated quickly, investigators discovered that attackers had already gained deep access, encrypted files and deployed ransomware, rendering large sections of the network unusable.
The company said the incident may have exposed personal details of 1.52 million customers, including names, gender, addresses and contact information. Data belonging to approximately 107,000 current and former employees, 168,000 employees’ family members, and 114,000 external business contacts may also have been compromised. Asahi emphasised that no credit card information appeared to be affected.
So far, the firm says it has not found evidence that any of the data has been published online. The breach appears to be confined to systems in Japan, with European brands under the Asahi Group – including Peroni and the UK’s Fuller’s Brewery – unaffected.
Asahi spent nearly two months containing the attack and restoring internal systems. During that period, product shortages were reported across Japan, affecting both alcoholic beverages and soft drinks like ginger beer and soda water. The company controls about 40% of Japan’s beer market, making the disruption highly visible in shops nationwide.
Shipments are gradually resuming, according to president and CEO Atsushi Katsuki, who apologised for the widespread inconvenience. He said the company is focused on full system restoration and implementing stronger security measures to prevent future breaches.
The incident adds to a growing list of global manufacturers hit by serious cyber-attacks in recent months. Jaguar Land Rover, for example, recently required emergency funding after a cyber incident halted production at its UK facilities.
