Asahi Data Breach Impacts 2 Million Individuals

Japanese beverage giant Asahi has confirmed that hackers stole the personal information of approximately 2 million individuals in a ransomware attack that disrupted its operations in September.

The company first disclosed the incident on September 29, the day the attack occurred. Operations in Japan remain partially affected as systems are gradually restored. Early reports indicated that the Qilin ransomware group claimed responsibility, posting about the theft of 27 gigabytes of data on its Tor-based leak site.

Asahi has now confirmed that the attackers accessed a wide range of personal information. Customer service contacts were the most affected, with 1,525,000 individuals’ names, addresses, phone numbers, and email addresses exposed. Additionally, 114,000 recipients of Asahi’s congratulatory or condolence messages had their names, addresses, and phone numbers stolen.

Employee data was also compromised, affecting 107,000 current and former staff members, including their names, addresses, phone numbers, emails, dates of birth, and gender information. Personal information of 168,000 family members of employees, including names, birthdates, and gender, was also taken. Asahi stressed that no credit card or payment information was involved, and there is no confirmation that the data has been publicly posted online.

The attackers infiltrated Asahi’s network by exploiting network equipment and deployed ransomware that encrypted data across multiple servers and connected devices. In response, the company is restoring systems in phases, ensuring that only fully secured devices are reconnected.

“Asahi is making every effort to restore full system functionality while strengthening information security and implementing measures to prevent recurrence,” said Asahi Group president and CEO Atsushi Katsuki. He added that product shipments are resuming gradually as system recovery progresses.

Cybersecurity experts note that full recovery for manufacturing networks can be lengthy due to complex infrastructures, legacy systems, and interconnected supply chains. Kevin Marriott, senior manager at Immersive, warned that Qilin typically leaks data when ransoms are not paid, and customers should remain vigilant for potential misuse of the stolen information. He added that normalized operations may not be fully restored until February 2026.

This incident highlights the ongoing vulnerabilities in corporate networks and the growing sophistication of ransomware attacks targeting global manufacturing and consumer brands.