Impact of Asahi cyber attack laid bare as company confirms 1.5 million customers exposed

No ransom has been paid, said president and group CEO Atsushi Katsuki, and the company is restoring its systems

Emma Woollacott's avatar
By
published
in News
Asahi logo pictured outside the Asahi Kanagawa Brewery in Minamiashigara, Kanagawa, Japan.
(Image credit: Getty Images)

Japanese brewing giant Asahi has revealed that a cyber attack in September saw personal information belonging to 1.5 million customers exposed.

The incident, discovered on 29 September, saw an attacker gain unauthorized access to the firm's data center network via network equipment at its headquarters.

"Ransomware was deployed simultaneously, encrypting data on multiple active servers and some PC devices connected to the network," said Asahi in an update.

"While investigating the extent and details of the impact, focusing on the systems targeted in the attack, we identified that some data from company-issued PCs provided to employees had been exposed."

The company said there was no evidence that the data had been published on the internet, and that the attack was limited to systems managed in Japan.

Customers affected in the incident are those who had contacted the customer service centers of Asahi Breweries, Asahi Soft Drinks, and Asahi Group Foods, with names, gender, addresses, phone numbers, and email addresses exposed.

Meanwhile, the names, addresses and phone numbers of external contacts to whom the company had sent congratulatory or condolence telegrams were accessed.

Employee details were also exposed in the breach, Asahi confirmed, with information including names, dates of birth, addresses, phone numbers, and email addresses impacted along with the names, dates of birth, and gender of some family members.

Asahi cyber attack recovery still ongoing

The company said it continues to restore systems on a phased basis, is redesigning communication routes and network controls, and tightening connection restrictions.

It's also limiting connections to external parties via the internet – including email and web applications – to secure zones and improving security monitoring systems.

Backup strategies and BCP plans will be redesigned and updated to ensure rapid recovery in the event of an emergency, the firm said, while security standards will be continuously reviewed.

“I would like to sincerely apologize for any difficulties caused to our stakeholders by the recent system disruption. We are making every effort to achieve full system restoration as quickly as possible, while implementing measures to prevent recurrence and strengthening information security across the group, " said Atsushi Katsuki, president and group CEO.

"Regarding product supply, shipments are resuming in stages as system recovery progresses. We apologize for the continued inconvenience and appreciate your understanding.”

Who was behind the attack?

At a press conference in Tokyo this week, Katsuki said the company hadn't communicated with the attacker and hadn't paid any ransom.

"Even if we had a ransom demand, we would not have paid it," he said.

The attack has been claimed by the Qilin ransomware group, which has listed Asahi on its data leak site.

The group claims it exfiltrated 27GB of files from the company, including financial documents, budgets and contracts, along with the personal data of employees, as well as plans and development forecasts of the company.

In a recent report, Guidepoint said the Russia-linked group was now the world's leading ransomware gang, with its activity surging 318% year-over-year during the last quarter, and claiming 234 victims.

The group has claimed responsibility for attacks on manufacturers, financial firms, retailers, government and healthcare providers, including London hospitals.

“The Asahi ransomware attack is a powerful reminder that the fallout from a cyber breach can stretch far beyond the initial incident," said Chris Dimitriadis, chief global strategy officer at ISACA. 

"Months later, it’s been revealed that 1.5 million customers potentially had their data breached, and the company has been forced to delay its financial results. This is clear evidence that the damage from ransomware attacks can be deep, expensive and long-lasting." 

Dimitriadis added: “While we’ve seen more of these large-scale attacks in 2025, we cannot afford to become desensitised to them. With AI now enabling criminals to hack at the speed of intent, the job of defending against attacks is even more critical. The window to detect and stop an attack is shrinking."  

Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.

MORE FROM ITPRO

Emma Woollacott
Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.

Latest
You might also like
View More ▸