Asahi cyber attack spirals into massive data breach impacting almost 2 million people

Asahi Group Holdings, the makers of the popular Japanese beer Asahi Super Dry, has confirmed that the ransomware attack that disrupted its operations in late September also saw a significant data breach that affects more than 1.5 million customers and approximately 275,000 current and former employees and their families.

The cyber attack, which occurred on 29 September 2025 and was initially described publicly as a "system failure", was later confirmed to be orchestrated by the Qilin ransomware group, and resulted in the paralysis of critical systems responsible for the ordering and shipping of beer across Japan, and forced Asahi to temporarily suspend major parts of its operations.

In a statement published on 27 November, Asahi shared details of a nearly two-month forensic investigation into the security incident.

The company reported that around 1.52 million customers who had previously contacted the company's customer-service centres may have had their personal information accessed during the attack. The company further revealed that the data of roughly 114,000 external contacts - including recipients of "congratulatory or condolence telegrams" — and about 275,000 employees, former employees, retirees, and their family members may have also been breached.

According to Asahi, the information potentially exposed includes names, addresses, telephone numbers, email addresses, and in some cases dates of birth and gender. The company emphasized that it has not currently seen any evidence that the stolen data has been published online, and insisted that it declinedto pay a ransom to its attackers.

The impact of the attack on Asahi's operations was significant. Production at multiple factories was interrupted, and key systems used to manage logistics and sales were forced offline. Although beer production resumed within a week, distribution problems persisted and resulted in widespread shortages across Japan.

Reuters reports that Asahi's domestic beverage and food divisions saw a 10-40% decline in sales in October compared with the previous year.

Asahi states that it is continuing to reinforce its cybersecurity systems in the wake of the attack, and improve its resilience. Individuals whose data has been confirmed as exposed will apparently be notified. One presumes that that won't be via a "telegram of condolence."

The company now faces a long road as it works to rebuild operations, notify those affected, and reinforce the IT systems that allowed the breach to occur in the first place. For millions of customers and employees, the consequences may take far longer to resolve than the beer shortages that made headlines.

For the millions of affected individuals, the immediate concern shifts from beer shortages to the potential for identity theft and targeted phishing campaigns. Security experts warn that even though the stolen data hasn't surfaced online yet, it could be sold on underground forums or weaponized months or even years from now.