Tokyo: Asahi Group Holdings Ltd. said on Thursday that a “major” cyberattack this month may have breached the personal information of roughly 1.52 million customers, as well as supplier information and data from employees and people who had applied for jobs or competitions across Japan in recent years. The Asahi cyber breach originated from a ransomware attack on Sept. 29 that targeted ordering and shipping systems, and the brewer is now looking to restart domestic logistics by February of 2026 in return for not paying the hackers, Nov. 27, 2025.
Inside the Asahi data leak: what was exposed
The records of Asahi Euglena Co., which were part of the data leak, are joined by those for about 114,000 business contacts and some 275,000 current and former employees, along with their family members — raising the number of potentially affected people to nearly 1.9 million overall, according to the company. Asahi said there is no present evidence to suggest the data has been uploaded online. Still, it is continuing to work with external investigators “to ascertain details of the full extent of the incident,” a recent Reuters report disclosed.
Although the company has not yet provided a breakdown of the data compromised, officials noted that the Asahi data breach appears to have primarily involved baseline “personal details” gathered via customer touchpoints rather than payment-card information. In a previous technical bulletin, Asahi cautioned that it had discovered “traces suggesting possibility of unauthorized transfer of data” and moved to isolate affected servers to safeguard customer and partner information, as detailed in its Oct. 3 post-mortem update on the cyberattack.
The president, Atsushi Katsuki, apologized in Tokyo and acknowledged “weaknesses” in the group’s cybersecurity defenses; he confirmed that attackers managed to steal information on about 2 million people cumulatively and emphasized that Asahi was tightening controls, with those affected being informed when specific leaks are identified – a sentiment reflected in South China Morning Post coverage.
Logistics recovery moved to February 2026
The cyberattack disrupted critical domestic systems that manage order intake, shipping, and call centers, prompting Asahi to halt normal operations, manually handle urgent orders, and push back both the third-quarter and full-year earnings releases. The brewer now says it anticipates normalizing core logistics in Japan by February 2026. Still, some products will remain scarce as warehouses and distributors work through backlogs and adjust to reconfigured workflows.
That October, shelves at convenience stores and supermarkets across the nation started to empty as production and shipments sputtered to a halt; warnings were issued that Japan could even temporarily run out of Asahi Super Dry, according to The Guardian. The company has since resumed production at six of its domestic plants, but it says October sales in its major beverage and food units were down 10-40 percent year over year due to the cyber incident.
Ransomware gangs Qilin and Asahi are balking at paying.
Qilin, a ransomware group that has already claimed responsibility for the Asahi data leak, boasted on its leak site that it had stolen approximately 27 gigabytes of contracts, employee files, and other internal documents. The gang had previously targeted Asahii and sold screenshots it claimed showed the theft, according to earlier Reuters reporting and a follow-up analysis by SecurityWeek.
Asahi has since confirmed that the attack was ransomware. Still, it is not negotiating with Qilin — or paying a ransom to anyone at all — because it refuses to do anything that would encourage further attacks, said Carlo Urbani, the company’s group communications and public policy director. Instead, executives told reporters that they were concentrating on recovery, working with law enforcement and specialist firms, and beefing up defenses to ensure an Asahi data leak of such magnitude can’t occur again, a stance also covered by Japan Today.
A cyber crisis months in the works
For months, Asahi’s public updates focused more on system outages and factory disruptions than on customer privacy, suggesting a reversal of early commentary that said production lines were offline and delivery systems were disrupted, but consumer data was safe. As they delved deeper, the Asahi data leak emerged as a second front of the crisis. It prompted the group to recognize that attackers had moved from business networks into stored contact databases.
The Asahi data dump underscores how rapidly a ransomware attack on “operational technology” can spill over into customer records and core business systems, cybersecurity analysts say, warning that breweries, retailers, and logistics operators around the world should anticipate copycat attempts. The top priority for drinkers is whether the details (including names, phone numbers, and email addresses) that have been exposed will be used in phishing campaigns over the coming months — something Asahi is warning affected customers to watch out for, even as it seeks to rebuild trust.
