Asahi, a major Japanese beer manufacturer, suffered a **ransomware attack** on **September 29**, initially described as a 'system failure' but later confirmed as a **Qilin ransomware** incident. The attack disrupted **ordering, shipping, and call center operations**, forcing the company to revert to manual processes (pen, paper, and fax). The ransomware group claimed to have stolen **~27 GB of data**, including **employee records (ID cards, personal documents), financial data, contracts, and forecasts**, raising fears of **personal data theft**. The breach caused **prolonged operational disruptions**, including **shipment delays, stock shortages, and deferred financial reporting** (Q3 results postponed). While breweries resumed production, IT systems remained crippled, with no clear recovery timeline. The attack’s broader impact includes **reputational damage, financial instability, and potential legal liabilities** under data protection laws. Asahi is investigating the **scope of stolen data** but has yet to confirm definitive theft, though the ransomware group’s leaked samples (e.g., employee IDs) suggest **significant data compromise**.
Source: https://www.theregister.com/2025/10/14/asahi_breach_update/
TPRM report: https://www.rankiteo.com/company/asahigroup-holdings
"id": "asa2692326101425",
"linkid": "asahigroup-holdings",
"type": "Ransomware",
"date": "9/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Beverage (Brewery)',
'location': 'Japan',
'name': 'Asahi Group Holdings, Ltd.',
'size': 'Large (global corporation)',
'type': 'Public Company'}],
'attack_vector': 'Ransomware (Qilin strain)',
'data_breach': {'data_encryption': 'Likely (ransomware attack)',
'data_exfiltration': 'Claimed by Qilin (27 GB of files '
'allegedly stolen)',
'file_types_exposed': ['Employee records',
'Contracts',
'Financial documents',
'ID cards',
'Forecasts'],
'personally_identifiable_information': 'Yes (employee ID '
'cards and personal '
'documents)',
'sensitivity_of_data': 'High (includes personally '
'identifiable information and '
'corporate financial data)',
'type_of_data_compromised': ['Personal information (employee '
'records, ID cards)',
'Corporate data (contracts, '
'financial data, forecasts)']},
'date_detected': '2023-09-29',
'date_publicly_disclosed': '2023-09-29 (initial disclosure); 2023-10-XX '
'(update on potential data theft)',
'description': 'Japanese beer giant Asahi suffered a ransomware attack on '
'September 29, initially believed to have no data compromise. '
'Later investigations revealed potential unauthorized transfer '
'of personal and corporate data, including employee records, '
'contracts, and financial data. The attack, claimed by the '
'Qilin ransomware group, caused significant operational '
'disruptions, including delays in shipments, stock shortages, '
'and reliance on manual order processing (pen, paper, and '
'fax). Financial reporting was also postponed due to system '
'outages and inaccessible accounting data. The company is '
'still assessing the full extent of the breach and has not '
'confirmed whether personal data was definitively stolen.',
'impact': {'brand_reputation_impact': 'Potential damage due to data breach '
'and operational disruptions',
'data_compromised': ['Employee records',
'Contracts',
'Financial data',
'Forecasts',
'Personal documents (e.g., employee ID '
'cards)'],
'downtime': 'Ongoing as of latest update (at least 2 weeks since '
'initial attack)',
'identity_theft_risk': 'High (if personal data confirmed stolen)',
'operational_impact': ['Shipment delays',
'Stock shortages',
'Manual order processing (pen, paper, fax)',
'Breweries operational but IT systems down'],
'systems_affected': ['Ordering systems',
'Shipping systems',
'Call center systems',
'Accounting/financial systems']},
'initial_access_broker': {'high_value_targets': ['Employee records',
'Financial data',
'Corporate contracts']},
'investigation_status': 'Ongoing (extent and detail of data affected still '
'under investigation)',
'motivation': 'Financial gain (ransom demand), data theft',
'ransomware': {'data_encryption': 'Yes',
'data_exfiltration': 'Claimed (27 GB of files)',
'ransomware_strain': 'Qilin'},
'references': [{'source': 'The Register'},
{'source': 'Asahi Group Holdings Public Statements'},
{'source': 'National Cyber Security Centre Report (mentioned '
'in article)'}],
'regulatory_compliance': {'regulatory_notifications': 'Company stated it will '
'notify affected '
'parties and comply '
'with applicable '
'personal data '
'protection laws'},
'response': {'communication_strategy': ['Public statements on attack and '
'potential data theft',
'Planned notifications to affected '
'individuals if data breach '
'confirmed'],
'containment_measures': ['System shutdown (ordering, shipping, '
'call centers)',
'Isolation of affected systems'],
'incident_response_plan_activated': True,
'recovery_measures': ['Manual order processing (temporary)',
'Brewery operations resumed'],
'remediation_measures': ['Investigation into data transfer',
'System restoration efforts']},
'stakeholder_advisories': 'Company plans to notify affected individuals if '
'data breach confirmed',
'threat_actor': 'Qilin ransomware group',
'title': 'Asahi Breweries Ransomware Attack and Data Breach',
'type': ['Ransomware Attack', 'Data Breach']}