Asahi Cyber-Attack: 1.5 Million Customers’ Data Breached

A significant cybersecurity incident at the Asahi Group has compromised the personal information of nearly two million individuals, including customers, employees, and external contacts. The breach, which occurred in September 2025, led to widespread operational disruptions and a comprehensive investigation that concluded in late November. The exposed data encompasses names, genders, dates of birth, postal addresses, email addresses, and phone numbers, though the company has confirmed that credit card details remain secure.

The investigation revealed that approximately 1.914 million people were affected, with 1.525 million of them being customers. The remaining individuals include current and former employees of Asahi Group Holdings, their family members, and external contacts who had received congratulatory or condolence messages from the company. Asahi dedicated two months to containing the ransomware, restoring systems, and enhancing security protocols to prevent similar incidents in the future.

Atsushi Katsuki, President and Group CEO of Asahi Group Holdings, issued a public apology for the inconvenience and disruption caused by the attack. He emphasized the company’s commitment to achieving full system restoration as quickly as possible while implementing measures to prevent recurrence and strengthen information security across the group. Product shipments are gradually resuming as system recovery progresses.

Kevin Marriott, a senior cyber manager at Immersive, pointed out that the theft of customer data adds considerable pressure to the Asahi team. He noted that operations might not be fully restored until February, indicating prolonged recovery efforts. The incident has also forced Asahi to postpone the launch of a new product originally scheduled for October.

Asahi Group Holdings, a global brewing conglomerate owning brands such as Asahi, Peroni, Pilsner Urquell, and Dreher, reported global revenues of ¥2939.4 billion ($1880 billion) in 2024, marking a 2.1% increase from the previous year. The potential financial impact of the cyber-attack on Asahi’s 2025 results is currently under review. Shankar Haridas, head of UK and Ireland at ManageEngine, observed that Asahi had previously acknowledged in its 2024 report the risk of such attacks disrupting business and was already reviewing its security posture. He highlighted the ongoing challenge companies face as adversaries continue to outpace digital defenses, often exploiting vulnerabilities in supply chains or trusted partners.

The Qilin ransomware group claimed responsibility for the attack, listing Asahi on its data leak site and alleging the theft of 27 GB of files. Known for double-extortion tactics, Qilin leaks data when ransom payments are not made. In response to the breach, customers are advised to monitor updates and exercise caution regarding unsolicited communications in the coming months.

Jason Revill, global security practice technology lead at Avanade, explained that the attack underscores growing risks in operational technology and information technology coverage networks. He stressed the critical importance of Zero Trust principles for all organizations, regardless of size or industry. The compromise reportedly began with network equipment at one site, impacting the operational technology environment before potentially expanding into IT systems where customer data was exposed.

(Source: Info Security)