The Japan Times: Askul confirms theft of 740k customer records in ransomware attack

Askul Corporation Hit by RansomHouse Ransomware Attack, 740,000 Records Stolen

Japanese e-commerce giant Askul Corporation, a subsidiary of Yahoo! Japan specializing in B2B and B2C office supplies and logistics, confirmed that the RansomHouse hacking group stole approximately 740,000 customer records in a ransomware attack in October. The breach forced the company to suspend shipments, disrupting operations for major clients, including retail chain Muji.

The compromised data includes:

  • 590,000 business customer records
  • 132,000 individual customer records
  • 15,000 business partner records (outsourcers, agents, suppliers)
  • 2,700 executive and employee records (including group companies)

Askul has withheld specific details to prevent further exploitation but will notify affected parties individually. The company also reported the incident to Japan’s Personal Information Protection Commission and implemented long-term monitoring to track potential misuse of the stolen data.

As of December 15, order fulfillment remains disrupted, with full system restoration still underway.

Attack Details

RansomHouse claimed responsibility for the breach, first disclosing it on October 30 and releasing stolen data in two subsequent leaks on November 10 and December 2. Askul’s investigation revealed that attackers exploited compromised credentials from an outsourced partner’s administrator account, which lacked multi-factor authentication (MFA).

Once inside, the threat actors:

  • Conducted network reconnaissance
  • Disabled EDR (Endpoint Detection and Response) and other security tools
  • Moved laterally across servers to escalate privileges
  • Deployed multiple ransomware variants, some evading updated EDR signatures
  • Encrypted systems and wiped backup files to hinder recovery

Askul responded by physically disconnecting infected networks, isolating affected devices, resetting all administrator passwords, and enforcing MFA across critical systems. The financial impact remains uncalculated, prompting a delay in the company’s scheduled earnings report.
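
The sequence described above (an administrator login without MFA, followed by security tooling being disabled and backups deleted) can be written as a log correlation rule. This is an added example, not code from Askul or the original report; the event schema, the account and host names, and the `edr-agent` service name are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events. The schema and service name are assumptions
# for this example, not a real product's log format.
EVENTS = [
    {"ts": "2025-01-10T01:02:00", "type": "login", "account": "partner-adm", "host": "vpn01", "admin": True, "mfa": False},
    {"ts": "2025-01-10T01:40:00", "type": "login", "account": "partner-adm", "host": "srv-db1", "admin": True, "mfa": False},
    {"ts": "2025-01-10T02:05:00", "type": "service_stop", "account": "partner-adm", "host": "srv-db1", "service": "edr-agent"},
    {"ts": "2025-01-10T03:30:00", "type": "backup_delete", "account": "partner-adm", "host": "bkp01"},
    {"ts": "2025-01-10T09:00:00", "type": "login", "account": "it-admin", "host": "srv-db1", "admin": True, "mfa": True},
    {"ts": "2025-01-10T09:10:00", "type": "service_stop", "account": "it-admin", "host": "srv-db1", "service": "edr-agent"},
]
SECURITY_SERVICES = {"edr-agent"}
RISKY = {"security_tool_disabled", "backup_deleted"}


def _add(chain, stage):
    """Record a stage once, preserving the order in which stages appeared."""
    if stage not in chain["stages"]:
        chain["stages"].append(stage)


def correlate(events, window=timedelta(hours=12)):
    """Return (account, stages) for each no-MFA admin login that is followed
    within `window` by security-tool tampering or backup deletion."""
    active, chains = {}, []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, acct = datetime.fromisoformat(ev["ts"]), ev["account"]
        chain = active.get(acct)
        if chain and ts - chain["start"] > window:
            del active[acct]  # expired: stop attributing later events to it
            chain = None
        if ev["type"] == "login" and ev.get("admin") and not ev.get("mfa"):
            if chain is None:
                chain = {"account": acct, "start": ts, "hosts": set(),
                         "stages": ["admin_login_no_mfa"]}
                active[acct] = chain
                chains.append(chain)
            elif ev["host"] not in chain["hosts"]:
                _add(chain, "lateral_movement")  # heuristic: same account, new host
            chain["hosts"].add(ev["host"])
        elif chain is None:
            continue  # no preceding no-MFA admin login; left to other rules
        elif ev["type"] == "service_stop" and ev.get("service") in SECURITY_SERVICES:
            _add(chain, "security_tool_disabled")
        elif ev["type"] == "backup_delete":
            _add(chain, "backup_deleted")
    return [(c["account"], c["stages"]) for c in chains if RISKY & set(c["stages"])]
```

On the sample data only `partner-adm` is reported; the `it-admin` service stop follows an MFA-protected login and is left to a separate rule for EDR tampering.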

Source: https://www.bleepingcomputer.com/news/security/askul-confirms-theft-of-740k-customer-records-in-ransomhouse-attack/

The Japan Times cybersecurity rating report: https://www.rankiteo.com/company/the-japan-times

"id": "THE1765842884",
"linkid": "the-japan-times",
"type": "Ransomware",
"date": "11/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '740,000',
                        'industry': 'Office supplies and logistics',
                        'location': 'Japan',
                        'name': 'Askul Corporation',
                        'size': 'Large',
                        'type': 'E-commerce'},
                       {'industry': 'Retail',
                        'location': 'Japan',
                        'name': 'Muji',
                        'size': 'Large',
                        'type': 'Retail'}],
 'attack_vector': 'Compromised authentication credentials for an outsourced '
                  'partner’s administrator account without MFA protection',
 'customer_advisories': 'Affected customers and partners notified individually',
 'data_breach': {'data_encryption': True,
                 'data_exfiltration': True,
                 'number_of_records_exposed': '740,000',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'Personally identifiable information '
                                        '(PII)',
                 'type_of_data_compromised': ['Business customer service data',
                                              'Individual customer service '
                                              'data',
                                              'Business partners (outsourcers, '
                                              'agents, suppliers) data',
                                              'Executives and employees data']},
 'date_detected': '2023-10',
 'date_publicly_disclosed': '2023-10-30',
 'description': 'Japanese e-commerce giant Askul Corporation confirmed that '
                'RansomHouse hackers stole around 740,000 customer records in '
                'a ransomware attack in October. The attack caused an IT '
                'system failure, forcing the company to suspend shipments to '
                'customers, including the retail giant Muji.',
 'impact': {'data_compromised': '740,000 customer records',
            'downtime': 'Order shipping impacted as of December 15, 2023',
            'identity_theft_risk': 'High (PII exposed)',
            'operational_impact': 'Suspension of shipments to customers, '
                                  'including Muji; delayed earnings report',
            'systems_affected': 'Multiple servers, backup files wiped, IT '
                                'systems'},
 'initial_access_broker': {'entry_point': 'Compromised outsourced partner’s '
                                          'administrator account'},
 'investigation_status': 'Concluded',
 'lessons_learned': 'Lack of MFA on outsourced partner accounts can lead to '
                    'initial access; multiple ransomware variants may evade '
                    'updated EDR signatures; backup files should be secured to '
                    'prevent wiping.',
 'motivation': 'Extortion, data theft',
 'post_incident_analysis': {'corrective_actions': ['Applied MFA to all key '
                                                   'systems',
                                                   'Reset passwords for all '
                                                   'administrator accounts',
                                                   'Updated EDR signatures',
                                                   'Physically disconnected '
                                                   'infected networks',
                                                   'Established long-term '
                                                   'monitoring'],
                            'root_causes': ['Compromised authentication '
                                            'credentials for an outsourced '
                                            'partner’s administrator account '
                                            'without MFA',
                                            'Lack of network segmentation',
                                            'Insufficient EDR coverage for '
                                            'evasive ransomware variants']},
 'ransomware': {'data_encryption': True,
                'data_exfiltration': True,
                'ransomware_strain': ['Multiple variants (some evaded EDR '
                                      'signatures)']},
 'recommendations': ['Enforce MFA on all administrator accounts, including '
                     'outsourced partners',
                     'Enhance EDR capabilities to detect evasive ransomware '
                     'variants',
                     'Secure backup files to prevent wiping',
                     'Implement network segmentation to limit lateral movement',
                     'Establish long-term monitoring for misuse of stolen '
                     'data'],
 'references': [{'date_accessed': '2023-12-15',
                 'source': 'BleepingComputer',
                 'url': 'https://www.bleepingcomputer.com'},
                {'source': 'Askul Corporation Report'}],
 'regulatory_compliance': {'regulatory_notifications': ['Informed Japan’s '
                                                        'Personal Information '
                                                        'Protection '
                                                        'Commission']},
 'response': {'communication_strategy': 'Notified affected customers and '
                                        'partners individually; informed '
                                        'Personal Information Protection '
                                        'Commission',
              'containment_measures': ['Physically disconnected infected '
                                       'networks',
                                       'Cut communications between data '
                                       'centers and logistics centers',
                                       'Isolated affected devices'],
              'enhanced_monitoring': 'Established long-term monitoring to '
                                     'prevent misuse of stolen information',
              'incident_response_plan_activated': True,
              'recovery_measures': 'Working to fully restore systems',
              'remediation_measures': ['Updated EDR signatures',
                                       'Applied MFA to all key systems',
                                       'Reset passwords for all administrator '
                                       'accounts']},
 'threat_actor': 'RansomHouse',
 'title': 'RansomHouse Ransomware Attack on Askul Corporation',
 'type': 'Ransomware',
 'vulnerability_exploited': 'Lack of multi-factor authentication (MFA) on an '
                            'outsourced partner’s administrator account'}