Asahi data breach: more than 1.5 million customers affected by September ransomware attack
Asahi confirms a September ransomware attack exposed personal data of around 1.5 million customers, delaying results and triggering a company-wide security overhaul.
Asahi, one of Japan’s leading beverage makers, disclosed in a recent update that a cyberattack in September exposed the personal data of more than 1.5 million customers. The breach disrupted production across its Japanese plants and forced staff to process orders manually.
What happened
In its preliminary findings, Asahi reported a disruption at a key data center on 29 September. Although the system was swiftly isolated, investigators found the attacker had already breached the network, encrypted files, and deployed ransomware. Some data on affected machines and in hacked servers was exposed.
The data includes the names, gender, addresses and contact details of about 1.52 million customers. About 107,000 current and former employees and 168,000 family members may also be affected, along with the names and contact details of 114,000 external contacts who had engaged with the company.
Credit card information was not listed among the leaked data. Asahi noted there is no confirmed evidence that the data had been released publicly, and that the impact remains limited to systems managed in Japan. Its European operations, including Peroni and Fuller’s, were not affected.
The incident prompted Asahi to delay its full-year financial results as it spent nearly two months containing the breach and began restoring and reconfiguring its network.
The outage caused shortages of beer and other beverages in stores across Japan. Asahi accounts for roughly 40% of the country’s beer market, and the disruption also affected soft drinks such as ginger beer and soda water. CEO Atsushi Katsuki apologized for the disruption and said the company is taking steps to restore systems quickly and strengthen security.
Industry observers note that cybersecurity incidents are rising, with other major brands reporting similar breaches in recent months. In other cases, Jaguar Land Rover faced urgent funding needs after a cyberattack disrupted its UK factories.
Key Takeaways
- Personal data of approximately 1.52 million customers exposed, including names, addresses and contact details.
- Data on about 107,000 current and former employees and 168,000 family members potentially leaked.
- Credit card data not implicated, and no evidence of data release confirmed yet.
- Impact contained to Japan; European operations were not affected.
- Asahi paused full-year results to focus on incident response and system restoration.
Expert comment
Expert comment: A cybersecurity analyst says the case underscores the need for rapid containment, network segmentation and ongoing employee awareness to limit data exposure. They warn that personal information can erode customer trust even when payment data remains untouched.
Summary
In September, Asahi disclosed a ransomware breach that disrupted operations and exposed millions of customer records. The company is rebuilding its IT environment and increasing security measures while it works to restore full production and delivery. The incident highlights the ongoing risk to consumer brands and the importance of proactive cyber defenses.
Key takeaway: This incident underscores the urgency of robust data protection and rapid incident response to minimize damage and protect customer trust. Source: BBC News