Tokyo: A major cyberattack on Japan’s Asahi Group has reportedly compromised the personal information of approximately 1.52 million customers, along with thousands of employees, former staff, and their family members, company officials confirmed Thursday. While none of the data has appeared publicly so far, the incident has triggered widespread concern about cybersecurity in corporate Japan and highlighted vulnerabilities in large-scale business operations.
The attack, which occurred on September 29, disrupted Asahi’s order processing, logistics, and customer-service operations nationwide. Known globally for its flagship “Super Dry” beer, the company was forced to halt shipments temporarily, delay earnings disclosures, and suspend call-center services. Investigations by Asahi and external cybersecurity experts revealed that unauthorized access had likely led to the transfer of sensitive data, prompting the firm to launch a comprehensive emergency response.
Beyond customer records, the breach potentially affected 114,000 contacts, including vendors and business partners, as well as 275,000 current and former employees and their families, bringing the total number of impacted data sets to nearly 1.9 million. Despite the scale of the exposure, company leadership stated that no ransom had been paid, and it remained unclear whether the stolen information had been disseminated outside the group.
The operational fallout has been significant. Although production resumed at six domestic factories within a week of the attack, logistics and distribution may not return to normal until February 2026, leaving gaps on retail shelves and affecting restaurants and bars across Japan. This disruption also prompted the company to delay its third-quarter financial results, although management affirmed that the incident would not change its long-term business strategy.
The hacking group Qilin claimed responsibility for the attack on October 9, raising alarms among regulators, security experts, and privacy advocates. The incident has sparked concerns over potential identity theft, fraud, and misuse of personal data, underscoring the importance of robust cybersecurity measures. Asahi continues to work with external specialists to assess the breach and prevent further damage.
This event serves as a stark reminder that even established, globally recognized corporations remain vulnerable to cyber threats. The Asahi Group case highlights the critical need for vigilance, proactive security protocols, and transparency in safeguarding sensitive information and maintaining public trust.