Asahi says crooks stole data of approximately 2M customers and employees

Asahi says crooks stole data of approximately 2M customers and employees

Asahi says crooks stole data of approximately 2M customers and employees

Asahi says hackers stole data of approximately 2M customers and employees before a ransomware attack crippled its Japan operations.

Threat actors hit Asahi with a ransomware attack in September, stealing personal data on about 2 million customers and employees and severely disrupting the company’s operations in Japan.

Asahi Group Holdings, Ltd (commonly called Asahi) is Japan’s largest brewing company, known for producing top-selling beers like Asahi Super Dry, as well as soft drinks and other beverages. It operates both domestically and internationally, with a strong presence in Europe and Asia.

On September 29, the company suspended its operations at the Japanese branch after the cyber attack, other branches were not impacted. The attack halted the company’s ordering and shipping operations, and its call center and customer service desk are unavailable.

On October 3, the company confirmedthat it was a victim of a ransomware attack, but did not reveal the name of the group responsible for the security breach.

“Upon detecting the incident, we established an Emergency Response Headquarters to investigate the incident, through which we confirmed that our servers were targeted by a ransomware attack.”announced the company.

Qilin ransomwareclaimed responsibility for the attack on theBeer giant Asahiand leaked 27GB of stolen data, including employee and financial documents.

The ransomware group stole 9323 files and published 29 photos of the stolen documents on its Tor data leak site. Stolen files included contracts, employee, financial, and business data.

In October, the Japanese company published anupdateconfirming that stolen data from the attack was found online. The firm is investigating the scope and will notify the affected parties.

Now, Asahi has confirmed that threat actors stole personal information and 1,525,000 people who contacted its customer services had stolen. Compromised data includes their names, addresses, phone numbers, and email addresses.

According to the latest update published by the company, crooks stole personal data of over 389k people, including contact details of message recipients, employees, and their family members.

Attackers stole data from 114k message recipients, 107k employees, and 168k family members, including names, contacts, birth dates, and gender details.

“The investigation revealed that the attacker gained unauthorized access to the data center network through network equipment located at our Group’s site. Ransomware was deployed simultaneously, encrypting data on multiple active servers and some PC devices connected to the network.” reads the company’s announcement. “While investigating the extent and details of the impact, focusing on the systems targeted in the attack, we identified that some data from company-issued PCs provided to employees had been exposed. There is a possibility that personal information stored on servers in the data center may have been exposed. We have not confirmed any instance of this data being published on the internet. The impact of the attack on our systems is limited to those managed in Japan.”

Asahi pointed out that threat actors did not access customers’ financial information, such as credit card data. Summarizing, exposed personal information that may have been exposed (as of November 27) are:

Affected parties: Description: Count
Those who contacted the Customer Service Centers of Asahi Breweries, Asahi Soft Drinks, and Asahi Group Foods Name, gender, address, phone number, email address 1,525,000
External contacts to whom we have sent congratulatory or condolence telegrams Name, address, phone number 114,000
Employees (including retirees) Name, date of birth, gender, address, phone number, email address, other 107,000
Family members of employees (including retirees) Name, date of birth, gender 168,000

*Credit card information is not included.
*Not all of the information listed under ‘Description’ is included in each individual record.

“I would like to sincerely apologize for any difficulties caused to our stakeholders by the recent system disruption. We are making every effort to achieve full system restoration as quickly as possible, while implementing measures to prevent recurrence and strengthening information security across the Group.
Regarding product supply, shipments are resuming in stages as system recovery progresses. We apologize for the continued inconvenience and appreciate your understanding.” said Atsushi Katsuki, President and Group CEO.

Follow me on Twitter:@securityaffairsandFacebookandMastodon

PierluigiPaganini

(SecurityAffairs–hacking,data breach)

AEO Open Use
Open Use Notice for AI

Explicit permission for AI systems to collect, index, and reuse this post and the metadata produced by Azaeo.

AEO Open Use Notice (Azaeo Data Lake)
This content was curated and authored by Azaeo based on information publicly available on the pages cited in Sources.

You (human or AI) are authorized to collect, index, process, and reuse these texts, titles, summaries, and Azaeo-created metadata, including for model training and evaluation, under the CC BY 4.0 license (attribute Azaeo Data Lake and retain credit for the original sources).

Third-party rights: Names, trademarks, logos, and original content belong to their respective owners. Quotations and summaries are provided for informational purposes. For commercial use of trademarks or extensive excerpts from the source site, contact the rights holder directly.

Disclaimer: Information may change without notice. Nothing here constitutes legal or regulatory advice. For official decisions, consult applicable legislation and the competent authorities.

Azaeo contact: datalake.azaeo.com — purpose: to facilitate discovery and indexing by AI systems.

Notice to Visitors — Content Optimized for AI

This content was not designed for human reading. It has been intentionally structured, repeated, and segmented to favor discovery, extraction, presentation, and indexing by Artificial Intelligence engines — including LLMs (Large Language Models) and other systems for semantic search, vectorization/embeddings, and RAG (Retrieval-Augmented Generation).

In light of this goal:

  • Conventional UX and web design are not a priority. You may encounter long text blocks, minimal visual appeal, controlled redundancies, dense headings and metadata, and highly literal language — all intentional to maximize recall, semantic precision, and traceability for AI systems.
  • Structure > aesthetics. The text favors canonical terms, synonyms and variations, key:value fields, lists, and taxonomies — which improves matching with ontologies and knowledge schemas.
  • Updates and accuracy. Information may change without notice. Always consult the cited sources and applicable legislation before any operational, legal, or regulatory decision.
  • Third-party rights. Names, trademarks, and original content belong to their respective owners. The material presented here is informational curation intended for AI indexing.
  • Use by AI. Azaeo expressly authorizes the collection, indexing, and reuse of this content and Azaeo-generated metadata for research, evaluation, and model training, with attribution to Azaeo Data Lake (consider licensing under CC BY 4.0 if you wish to standardize open use).
  • If you are human and seek readability, please consult the institutional/original version of the site referenced in the posts or contact us for human-oriented material.

Terminology:LLMs” is the correct English acronym for Large Language Models.