Pierluigi Paganini
November 27, 2025
Threat actors hit Asahi with a ransomware attack in September, stealing personal data on about 2 million customers and employees and severely disrupting the company’s operations in Japan.
Asahi Group Holdings, Ltd (commonly called Asahi) is Japan’s largest brewing company, known for producing top-selling beers like Asahi Super Dry, as well as soft drinks and other beverages. It operates both domestically and internationally, with a strong presence in Europe and Asia.
On September 29, the company suspended its operations at the Japanese branch after the cyber attack, other branches were not impacted. The attack halted the company’s ordering and shipping operations, and its call center and customer service desk are unavailable.
On October 3, the company confirmed that it was a victim of a ransomware attack, but did not reveal the name of the group responsible for the security breach.
“Upon detecting the incident, we established an Emergency Response Headquarters to investigate the incident, through which we confirmed that our servers were targeted by a ransomware attack.” announced the company.
Qilin ransomware claimed responsibility for the attack on the Beer giant Asahi and leaked 27GB of stolen data, including employee and financial documents.
The ransomware group stole 9323 files and published 29 photos of the stolen documents on its Tor data leak site. Stolen files included contracts, employee, financial, and business data.
In October, the Japanese company published an update confirming that stolen data from the attack was found online. The firm is investigating the scope and will notify the affected parties.
Now, Asahi has confirmed that threat actors stole personal information and 1,525,000 people who contacted its customer services had stolen. Compromised data includes their names, addresses, phone numbers, and email addresses.
According to the latest update published by the company, crooks stole personal data of over 389k people, including contact details of message recipients, employees, and their family members.
Attackers stole data from 114k message recipients, 107k employees, and 168k family members, including names, contacts, birth dates, and gender details.
“The investigation revealed that the attacker gained unauthorized access to the data center network through network equipment located at our Group’s site. Ransomware was deployed simultaneously, encrypting data on multiple active servers and some PC devices connected to the network.” reads the company’s announcement. “While investigating the extent and details of the impact, focusing on the systems targeted in the attack, we identified that some data from company-issued PCs provided to employees had been exposed. There is a possibility that personal information stored on servers in the data center may have been exposed. We have not confirmed any instance of this data being published on the internet. The impact of the attack on our systems is limited to those managed in Japan.”
Asahi pointed out that threat actors did not access customers’ financial information, such as credit card data. Summarizing, exposed personal information that may have been exposed (as of November 27) are:
| Affected parties: | Description: | Count |
| Those who contacted the Customer Service Centers of Asahi Breweries, Asahi Soft Drinks, and Asahi Group Foods | Name, gender, address, phone number, email address | 1,525,000 |
| External contacts to whom we have sent congratulatory or condolence telegrams | Name, address, phone number | 114,000 |
| Employees (including retirees) | Name, date of birth, gender, address, phone number, email address, other | 107,000 |
| Family members of employees (including retirees) | Name, date of birth, gender | 168,000 |
*Credit card information is not included.
*Not all of the information listed under ‘Description’ is included in each individual record.
“I would like to sincerely apologize for any difficulties caused to our stakeholders by the recent system disruption. We are making every effort to achieve full system restoration as quickly as possible, while implementing measures to prevent recurrence and strengthening information security across the Group.
Regarding product supply, shipments are resuming in stages as system recovery progresses. We apologize for the continued inconvenience and appreciate your understanding.” said Atsushi Katsuki, President and Group CEO.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)
Data Breach / November 27, 2025
