Executive Summary
- Ransomware attack exposed data of 1.52 million customers and 107,000 employee-related individuals.
- Production in Japan was crippled, forcing staff to use pen and paper for orders.
- Ransomware group Qilin claimed responsibility for the intrusion.
- International brands like Peroni and Fuller’s were not affected.
- Full-year financial results have been delayed due to the incident.
Asahi Group Holdings confirmed on Thursday that a significant ransomware attack in September likely compromised the personal information of more than 1.5 million customers and forced a temporary return to manual operations at its Japanese facilities.
According to a statement released by the Tokyo-based brewer, the security breach was detected on September 29 when irregularities were observed at one of its data centers. An internal investigation revealed that an unauthorized third party had infiltrated the network, encrypted data, and deployed ransomware. The attack disrupted production and distribution, compelling staff to process orders using pen and paper while causing shortages of beer and soft drinks across Japan.
The company’s preliminary findings indicate that the data of approximately 1.52 million customers was exposed, including names, genders, addresses, and contact information. Additionally, the personal details of about 107,000 current and former employees and their families, as well as 114,000 external business contacts, were potentially accessed. Asahi emphasized that credit card information was not included in the compromised data.
The ransomware group Qilin has claimed responsibility for the intrusion. While Asahi has not publicly confirmed the identity of the attackers or the nature of any demands, the company stated that the impact is limited to its domestic systems in Japan. Operations of international subsidiaries, such as Peroni and Fuller’s Brewery in Europe, remain unaffected.
Asahi President and CEO Atsushi Katsuki issued an apology for the disruption, noting that shipments are gradually resuming. The company has delayed the release of its full-year financial results to prioritize the restoration of its systems and the reconfiguration of its network security.
Cybersecurity & Supply Chain Resilience
The incident at Asahi highlights the growing vulnerability of the manufacturing sector to ransomware attacks that target operational technology alongside information technology systems. By crippling production capabilities and forcing a revert to manual processes, threat actors can exert immense pressure on time-sensitive supply chains. This breach underscores the critical need for robust network segmentation and contingency planning within major industrial conglomerates to mitigate the cascading effects of such digital intrusions on market availability and corporate financial reporting.
