Japanese beer maker **Asahi Group** suffered a **ransomware attack** by the **Qilin group**, leading to the exposure of personal data from over **1.5 million individuals**. The attackers infiltrated the company’s network via on-site equipment, deploying ransomware on servers and employee PCs while exfiltrating data. The compromised information likely includes **names, genders, postal addresses, phone numbers, and email addresses** of customers who contacted Asahi’s service centers (affecting ~1.525M people). Additionally, data from **300,000 external contacts, employees, and their family members** may have been exposed. While Asahi confirmed no evidence of data misuse or public leakage, Qilin listed the company on its dark web leak site, indicating a high risk of future exploitation. The attack was contained to Asahi’s Japanese operations, with no confirmed financial or operational disruptions beyond data theft.
Asahi Group Holdings cybersecurity rating report: https://www.rankiteo.com/company/asahigroup-holdings
"id": "ASA4832448112725",
"linkid": "asahigroup-holdings",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '1,825,000 (1,525,000 customers '
'+ 300,000 external '
'contacts/employees/family '
'members)',
'industry': 'Beverage (Beer, Soft Drinks, Food)',
'location': 'Japan',
'name': 'Asahi Group Holdings, Ltd.',
'type': 'Corporation'},
{'industry': 'Beverage (Beer)',
'location': 'Japan',
'name': 'Asahi Breweries',
'type': 'Subsidiary'},
{'industry': 'Beverage (Soft Drinks)',
'location': 'Japan',
'name': 'Asahi Soft Drinks',
'type': 'Subsidiary'},
{'industry': 'Food',
'location': 'Japan',
'name': 'Asahi Group Foods',
'type': 'Subsidiary'}],
'attack_vector': 'Equipment located at Asahi Group’s site',
'customer_advisories': 'Public announcement acknowledging potential exposure '
'of 1.825 million records',
'data_breach': {'data_encryption': True,
'data_exfiltration': True,
'number_of_records_exposed': '1,825,000 (1,525,000 customers '
'+ 300,000 external '
'contacts/employees/family '
'members)',
'personally_identifiable_information': True,
'sensitivity_of_data': 'Moderate to High (Personally '
'Identifiable Information - PII)',
'type_of_data_compromised': ['Names',
'Gender data',
'Postal addresses',
'Phone numbers',
'Email addresses']},
'date_detected': '2023-09-29',
'description': 'Japanese beer maker Asahi was struck by a ransomware attack, '
'with attackers accessing servers and PCs, stealing personal '
'information from customer service contacts. The Qilin '
'ransomware group claimed responsibility, adding Asahi to its '
'dark web leak site. Approximately 1.525 million customer '
'records and 300,000 additional records (external contacts, '
'employees, and family members) may have been exposed, '
'including names, gender data, postal addresses, phone '
'numbers, and email addresses.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'data exposure of 1.825 million '
'individuals',
'data_compromised': True,
'identity_theft_risk': 'High (personal data of 1.825 million '
'individuals exposed)',
'operational_impact': 'Limited to systems managed in Japan',
'systems_affected': ['Servers in the data center',
'Company-issued PCs']},
'initial_access_broker': {'data_sold_on_dark_web': 'Listed on Qilin’s dark '
'web leak site (no '
'confirmation of sale)',
'entry_point': 'Equipment located at Asahi Group’s '
'site',
'high_value_targets': ['Servers in the data center',
'Company-issued PCs']},
'investigation_status': 'Ongoing (no evidence of data misuse confirmed as of '
'report)',
'motivation': 'Financial (likely ransom demand)',
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransomware_strain': 'Qilin'},
'references': [{'source': 'Asahi Group Holdings Official Announcement'},
{'source': 'BBC News'},
{'source': 'TechRadar', 'url': 'https://www.techradar.com'}],
'response': {'communication_strategy': 'Public announcement on company '
'website',
'incident_response_plan_activated': True},
'threat_actor': 'Qilin Ransomware Group',
'title': 'Asahi Ransomware Attack Exposing Data of Over 1.5 Million '
'Individuals',
'type': 'Ransomware Attack'}