Asahi Group Holdings Ltd., Japan’s largest brewer, suffered a **ransomware attack** that crippled its internal order and shipment systems, forcing a manual fallback (phone, fax, in-person). Over a month later, operations remain at just **10% capacity**, severely disrupting supply during December—its peak sales month (12% of annual volume from Super Dry alone). The attack caused **stockouts in bars, restaurants, and gift markets**, leading rivals (Kirin, Sapporo, Suntory) to seize market share by replacing Asahi’s dispensing units and glassware. Financial losses include a projected **¥15 billion core operating loss** in Q4, a **13% miss on full-year guidance**, and delayed earnings reports due to inaccessible financial data. The breach exploited vulnerabilities in Asahi’s **fragmented legacy systems** (from acquisitions), compounding recovery challenges. While retail shelves show partial availability, **on-premise sales (bars, izakayas) face long-term loyalty risks**, with some outlets permanently switching brands. The incident also disrupted Japan’s corporate gifting tradition, further damaging revenue and reputation during the critical year-end season.
Source: https://www.insurancejournal.com/news/international/2025/11/12/847114.htm
Asahi Group Holdings cybersecurity rating report: https://www.rankiteo.com/company/asahigroup-holdings
"id": "ASA3932439111225",
"linkid": "asahigroup-holdings",
"type": "Ransomware",
"date": "11/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Bars, restaurants, retailers, '
'wholesalers, and end consumers '
'(e.g., Bier Reise ’98, Izakaya '
'Ueno Ichiba Honten, OK Corp., '
'Seven & i Holdings, FamilyMart, '
'Lawson, Isetan Mitsukoshi, '
'Takashimaya)',
'industry': 'Beverage (Brewery)',
'location': 'Japan',
'name': 'Asahi Group Holdings Ltd.',
'size': 'Large (46% of total revenue from Japan in '
'2023)',
'type': 'Public Company'},
{'customers_affected': 'Patrons (80% of sales '
'previously from Asahi Maruefu)',
'industry': 'Hospitality',
'location': 'Shimbashi, Tokyo, Japan',
'name': 'Bier Reise ’98',
'size': 'Small Business',
'type': 'Bar'},
{'industry': 'Hospitality',
'location': 'Ueno, Tokyo, Japan',
'name': 'Izakaya Ueno Ichiba Honten',
'size': 'Small/Medium Business',
'type': 'Restaurant'}],
'date_publicly_disclosed': '2023-10-06',
'description': 'A ransomware attack on Asahi Group Holdings Ltd. disabled its '
'internal order and shipment system, forcing the company to '
'revert to manual processing (in-person, phone, fax). The '
"attack occurred during Japan's peak beer-drinking season "
'(December), reducing shipments to 10% of normal levels. '
'Competitors like Kirin, Suntory, and Sapporo capitalized on '
"the disruption, replacing Asahi's dispensing units and "
'gaining market share. The incident exposed vulnerabilities in '
"Asahi's legacy systems, which were undergoing integration at "
'the time. Financial losses include a projected ¥15 billion '
'core operating loss for Q4, with full-year guidance expected '
'to miss by 13%. The attack also disrupted gift pack sales, a '
'key Japanese custom, and delayed Q3 earnings reporting '
'indefinitely.',
'impact': {'brand_reputation_impact': 'Lost No. 1 retail market position to '
'Kirin; risk of long-term loyalty loss '
'as competitors replace dispensing '
'units and glassware',
'customer_complaints': 'Bars and restaurants reported stockouts '
'(e.g., Bier Reise ’98, Izakaya Ueno Ichiba '
'Honten); gift pack shortages',
'downtime': 'Over one month (as of report date, ongoing)',
'financial_loss': 'Projected ¥15 billion core operating loss for '
'Q4; full-year guidance expected to miss by 13%; '
'higher marketing costs to win back customers',
'operational_impact': 'Shipments reduced to 10% of normal; manual '
'processing (phone, fax, in-person) '
'implemented; delayed Q3 earnings report; '
'disrupted gift pack sales',
'revenue_loss': 'Super Dry alone accounts for 12% of annual sales '
'volume; December is strongest month',
'systems_affected': ['Order and shipment processing system',
'Financial data access',
'Supply chain operations']},
'initial_access_broker': {'high_value_targets': ['Order/shipment system',
'Financial data']},
'investigation_status': 'Ongoing (as of report date)',
'lessons_learned': 'Legacy system integration during consolidation creates '
'vulnerabilities; manual backup processes (e.g., fax) are '
'insufficient for modern operations; competitor poaching '
'of market share during downtime can have long-term brand '
'loyalty impacts.',
'post_incident_analysis': {'root_causes': 'Vulnerabilities in legacy systems '
'during integration; lack of '
'resilient backup systems for order '
'processing'},
'ransomware': {'data_encryption': 'Yes (disabled internal order/shipment '
'system)'},
'references': [{'date_accessed': '2025-11-12',
'source': 'Bloomberg',
'url': 'https://www.bloomberg.com'},
{'source': 'Nikkei Inc.'}],
'response': {'containment_measures': ['Reversion to manual order processing '
'(phone, fax, in-person)'],
'incident_response_plan_activated': 'Yes (manual processing '
'implemented)'},
'title': 'Cyberattack Cripples Asahi Group Holdings Ltd., Disrupting Supply '
'Chain and Market Position',
'type': 'Ransomware Attack',
'vulnerability_exploited': 'Legacy system integration vulnerabilities during '
'platform consolidation'}