Impact of Asahi cyber attack laid bare as company confirms 1.5 million customers exposed
No ransom has been paid, said president and group CEO Atsushi Katsuki, and the company is restoring its systems
Japanese brewing giant Asahi has revealed that a cyber attack in September saw personal information belonging to 1.5 million customers exposed.
The incident, discovered on 29 September, saw an attacker gain unauthorized access to the firm's data center network via network equipment at its headquarters.
"Ransomware was deployed simultaneously, encrypting data on multiple active servers and some PC devices connected to the network," said Asahi in an update.
"While investigating the extent and details of the impact, focusing on the systems targeted in the attack, we identified that some data from company-issued PCs provided to employees had been exposed."
The company said there was no evidence that the data had been published on the internet, and that the attack was limited to systems managed in Japan.
Customers affected in the incident are those who had contacted the customer service centers of Asahi Breweries, Asahi Soft Drinks, and Asahi Group Foods, with names, gender, addresses, phone numbers, and email addresses exposed.
Meanwhile, the names, addresses and phone numbers of external contacts to whom the company had sent congratulatory or condolence telegrams were accessed.
Employee details were also exposed in the breach, Asahi confirmed, with information including names, dates of birth, addresses, phone numbers, and email addresses impacted along with the names, dates of birth, and gender of some family members.
Asahi cyber attack recovery still ongoing
The company said it continues to restore systems on a phased basis, is redesigning communication routes and network controls, and tightening connection restrictions.
It's also limiting connections to external parties via the internet – including email and web applications – to secure zones and improving security monitoring systems.
Backup strategies and BCP plans will be redesigned and updated to ensure rapid recovery in the event of an emergency, the firm said, while security standards will be continuously reviewed.
"I would like to sincerely apologize for any difficulties caused to our stakeholders by the recent system disruption. We are making every effort to achieve full system restoration as quickly as possible, while implementing measures to prevent recurrence and strengthening information security across the group," said Atsushi Katsuki, president and group CEO.
"Regarding product supply, shipments are resuming in stages as system recovery progresses. We apologize for the continued inconvenience and appreciate your understanding."
Who was behind the attack?
At a press conference in Tokyo this week, Katsuki said the company hadn't communicated with the attacker and hadn't paid any ransom.
"Even if we had a ransom demand, we would not have paid it," he said.
The attack has been claimed by the Qilin ransomware group, which has listed Asahi on its data leak site.
The group claims it exfiltrated 27GB of files from the company, including financial documents, budgets and contracts, along with the personal data of employees, as well as plans and development forecasts of the company.
In a recent report, Guidepoint said the Russia-linked group was now the world's leading ransomware gang, with its activity surging 318% year-over-year during the last quarter, and claiming 234 victims.
The group has claimed responsibility for attacks on manufacturers, financial firms, retailers, government and healthcare providers, including London hospitals.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.


