Japanese brewing giant Asahi has confirmed that a ransomware attack in late September exposed the personal data of approximately 2 million customers, employees, and external contacts, severely disrupting its operations in Japan and delaying its financial reporting.
Quick Summary – TLDR:
- Asahi suffered a ransomware attack on September 29, halting operations in Japan
- Personal data of nearly 2 million people was stolen, including customers, employees, and family members
- Qilin ransomware group claimed responsibility, leaking 27GB of company data
- Operations and shipments are still recovering, with financial results delayed
What Happened?
On September 29, Asahi detected unauthorized access to its network systems. The company confirmed that attackers deployed ransomware which encrypted files across multiple servers and PCs. The breach disrupted ordering, shipping, and customer service operations across Japan, forcing employees to revert to manual order processing methods.
By early October, the Qilin ransomware group claimed responsibility and leaked 27GB of data, including contracts, financial documents, and employee records.
Japan’s Asahi Group reported a cyberattack in late September caused widespread outages and possible data leaks, with logistics expected to normalize by February; no ransom was paid https://t.co/EXRTZOjqtp pic.twitter.com/5Qvhz8bcwV
— Reuters Business (@ReutersBiz) November 27, 2025
Company-Wide Disruption Hits Japanese Operations
Asahi Group Holdings, known for its flagship Asahi Super Dry beer and soft drink lines, confirmed the data breach led to significant internal chaos. Systems managed within Japan were affected, but international operations in Europe and Asia remained untouched.
The company’s call centers and customer support services were temporarily suspended, and some retailers across Japan reported product shortages, including beers and soft drinks.
Key Facts From the Data Breach
- 1,525,000 customers who contacted customer service had personal data stolen (names, addresses, phone numbers, email).
- 114,000 external contacts (recipients of condolence or congratulatory messages) were impacted.
- 107,000 employees, including retirees, had personal info leaked (name, date of birth, gender, contact details).
- 168,000 family members of employees also had personal data exposed.
- Credit card and payment data were not compromised.
Asahi emphasized that not every individual record contained all data points, but confirmed a broad exposure across different groups.
Attack Origin and Response
Asahi’s internal investigation revealed that attackers exploited network equipment at a group site to gain access to the company’s data center. The ransomware was then deployed, encrypting data and locking out critical systems.
The company explained in a statement:
The leaked data has not been fully disclosed publicly, although Qilin posted photos and samples on its Tor-based leak site, totaling over 9,000 files.
Steps Taken by Asahi:
- Established an Emergency Response Headquarters.
- Gradual restoration of affected systems, prioritizing secured devices.
- Issued public updates and apologies from CEO Atsushi Katsuki.
- Strengthening of cybersecurity measures and IT infrastructure.
- Delayed the company’s full-year financial results to assess impact.
Broader Cybersecurity Implications
Asahi’s breach adds to the growing list of high-profile ransomware attacks targeting global corporations. Other firms, including automotive and healthcare giants, have also faced similar threats recently, highlighting the escalating risk of cyberattacks in today’s digital economy.
SQ Magazine Takeaway
If you thought cyberattacks were only a risk for banks and tech firms, think again. Asahi’s ransomware disaster is a wake-up call for every company with valuable customer data. When a brewery has to shut down operations and delay finances because of a digital break-in, you know the stakes are real. I admire Asahi’s transparency here, but it’s clear that even the biggest players are still scrambling when the hackers strike. Companies need to get serious about prevention, not just damage control.
