Company reports large-scale data exposure following September ransomware incident
Asahi said a ransomware attack in September may have leaked the personal information of more than 1.5 million customers. The company published its investigative findings on Thursday, confirming that the cyberattack disrupted operations at factories across Japan and forced employees to take orders manually. Asahi said personal details of individuals who contacted its customer service centers were likely exposed and that notifications will be issued.
The company will delay the release of its full-year financial results while it focuses on recovery efforts.
Ransomware group claims responsibility
Asahi did not identify the attacker, but ransomware group Qilin has claimed responsibility. The company said it detected a disruption at one of its data centers on September 29. Although systems were quickly isolated, investigators found that the attacker had already infiltrated the network, encrypted data, and deployed ransomware. Asahi said some data stored on affected computers and servers may have been exposed.
The beer maker confirmed 18 cases of employee-related personal information leaks involving company-issued laptops. All remaining categories of personal data are considered at risk of possible leakage.
Scale of potentially exposed data and affected groups
Asahi said the incident may involve personal details of more than 1.52 million customers, including names, gender, addresses, and contact information. Data belonging to about 107,000 current and former employees and 168,000 family members were also potentially leaked. The names and contact details of 114,000 external contacts were likewise included. Asahi said credit card information was not among the affected data.
The company added that it has not found evidence that the leaked data has been released and said the impact is limited to systems operated in Japan. Asahi’s European brands, including Peroni and Fuller’s Brewery in the U.K., were not affected.
Operational disruptions led to product shortages
Asahi said it spent nearly two months containing the attack and is working to restore and reconfigure its network. The outage caused shortages of its beer and soft drinks in Japan, affecting products such as ginger beer and soda water. Shipments are gradually resuming. Company president and CEO Atsushi Katsuki apologized for the disruption and said Asahi is implementing measures to prevent recurrence and strengthen security.
Other global companies have recently reported similar cyberattacks, including Jaguar Land Rover, which faced operational disruptions at its U.K. factories.
Featured image credits: Beaumont Yun via Unsplash
For more stories like it, click the +Follow button at the top of this page to follow us.