Brewing giant Asahi said that almost two million people could have seen their personal data exposed after it suffered a major cyber-attack in September 2025.
In a new advisory, published on November 27, Asahi shared the early results of the investigation into the cyber-attack that led to temporary operation suspensions in September and October.
The probe concluded that the personal data of approximately 1.914 million individuals, including 1.525 million customers, was or may have been exposed. The remaining affected individuals include current and former employees of Asahi Group Holdings, their family members and “external contacts who received congratulatory or condolence telegrams” from the company.
Potentially exposed data include:
- Names
- Genders
- Dates of birth
- Postal Addresses
- Email addresses
- Phone numbers
Asahi confirmed that credit card information has not been exposed.
Expected Further Operation Disruptions
Asahi said it spent two months investigating the breach - including conducting root cause analysis and integrity checks –, containing the ransomware, restoring systems and strengthening security to prevent future incidents.
Atsushi Katsuki, President and Group CEO of Asahi Group Holdings, publicly apologized for the difficulties caused by the disruptions.
“We are making every effort to achieve full system restoration as quickly as possible, while implementing measures to prevent recurrence and strengthening information security across the group. Regarding product supply, shipments are resuming in stages as system recovery progresses,” he added.
Kevin Marriott, senior manager of cyber at Immersive, emphasized that the theft of customer data “only adds further pressure that the Asahi team is facing, in addition to the possibility that operations may not be fully restored until February.”
Potential Hit to Asahi’s 2025 Revenues
Asahi Group Holdings is a giant beer making conglomerate that owns several brands, including a range of Asahi-branded beers, Italian beer Peroni, Czech beer Pilsner Urquell and Hungarian beer Dreher.
The group’s global disclosed a 2024 global revenue of ¥2939.4bn ($1880bn) – a 2.1% increase compared to 2023.
The potential impact of the incident on Asahi’s financial results for fiscal year 2025 is currently under review.
Shankar Haridas, head of UK and Ireland at ManageEngine, noticed that Asahi had already acknowledged in its 2024 report that such an attack could interrupt business and was reviewing its security posture.
“That reflects a wider truth that companies are investing more than ever in digital defences, yet adversaries continue to outpace them, exploiting weak links in supply chains or breaking in through trusted partners,” he added.
Qilin Ransomware Group Claimed the Cyber-Attack
Asahi temporarily suspended its operations in Japan in late September following a “system failure.” Disruptions included order and shipment, call centers and customer service desks.
The beer giant later confirmed the incident was due to a ransomware attack which resulted in an “unauthorized transfer of data” from its servers.
It continued to experience operation disruptions throughout October. The company also postponed the launch of a new product scheduled to be released in October due to the cyber-attack.
On October 7, consumer website Comparitech revealed that the Qilin ransomware group had listed Asahi on its data leak site, claiming to have stolen 27 GB of files from the company.
Qilin is known for double-extortion attacks, leaking data when it has not received payment from its victims.
“Customers should therefore keep an eye on updates as the situation evolves and be cautious of any unsolicited communication over the coming months,” Immersive’s Marriot, warned.
Jason Revill, global security practice technology lead at Avanade, added that the Asahi cyber-attack “highlights a growing risk in operational technology (OT)/information technology (IT) coverage networks, and why Zero Trust principles are critical for every organization, no matter the size or industry.”
“The compromise seems to have started with network equipment at one site, impacting the OT environment and potentially expanding into IT systems, wherein customer data was exposed,” he explained.
Photo credits: Tom Eversley / Hendrick Wu / Shutterstock