Tokyo, November 27, 2025
Asahi Group, Japan’s leading beverage producer, faced a significant cyberattack in late September 2025 that potentially exposed personal information of over 1.5 million customers, along with staff and affiliated contacts, disrupting major operations across its domestic factories.
Details of the Cyberattack
The breach was initiated by the ransomware group known as Qilin, who encrypted company data and forced Asahi to halt key business functions including order processing, shipping, and call-centre services. The exposed data encompasses personal details such as names, gender, addresses, and contact information of approximately 1.52 million customers. Additionally, the attack affected about 107,000 current and former employees, 168,000 family members of staff, and 114,000 external contacts. Notably, credit card information remains secure and unaffected by the breach.
Response and Ongoing Investigation
The intrusion was detected on September 29, 2025, following disruptions found in a data center. By this point, the ransomware had already encrypted critical network data. In response, Asahi suspended impacted operations to contain the effect and initiated a comprehensive investigation. The company has notified all individuals potentially affected by the data exposure and postponed the release of its full-year financial results to concentrate on managing the incident and its repercussions.
Broader Cybersecurity Landscape
This incident highlights the escalating cybersecurity threats faced by multinational corporations. Recent comparable attacks include Jaguar Land Rover, which experienced severe operational paralysis from cyber intrusions. Such events underscore the vulnerability of global supply chains and business continuity to sophisticated ransomware groups like Qilin.
Implications for Recovery and Future Vigilance
Asahi has announced plans to restore its logistics and regular operations by February 2026, signaling a multi-month recovery from the attack’s disruption. The breach also serves as a critical reminder of the need for enhanced cybersecurity measures and proactive risk management in the corporate sector to mitigate potential damage from future cyber incidents.
The absence of confirmed public exposure of the stolen data offers some reassurance but does not diminish the severity of the operational and privacy risks revealed by this attack. As the investigation continues, the episode provides an important case study on the ongoing challenges in safeguarding personal and corporate data against increasingly aggressive cyber threats worldwide.