Japanese Beer Manufacturer Asahi Reports Data Breach Affecting 1.9 Million People
Asahi Group Holdings, Japan's largest beer producer, has confirmed that a ransomware attack in fall 2025 compromised personal data belonging to nearly two million customers, employees, and business contacts.
The breach affected 1.9 million individuals across multiple categories: 1.525 million customer service contacts, 114,000 external business contacts, 107,000 current and former employees, and 168,000 employee family members.
The Attack and Response
The ransomware attack, which occurred in September, forced all 30 of Asahi's Japanese factories to halt production temporarily. Product ordering, delivery operations, and the company's call center were disrupted during the incident.
The Qilin ransomware group claimed responsibility for the attack, stating they had stolen 27 GB of corporate data. The group published samples of stolen files on their leak site as proof of the breach.
Initially, Asahi representatives said customer data was not affected. However, the company reversed that assessment within days after confirming the ransomware included data exfiltration. The investigation into the full scope of the breach has now concluded.
What Was Compromised
The stolen data varies by victim category:
Customers (1.525 million): Full names, gender, postal addresses, email addresses, and phone numbers
External contacts (114,000): Information from individuals who received congratulatory or condolence telegrams from Asahi
Employees and families (275,000): All customer data fields plus dates of birth
Asahi specifically confirmed that payment card information was not compromised in the attack.
Company Background
Asahi holds approximately one-third of Japan's domestic beer market and employs around 30,000 people. The company reported annual revenue of nearly $20 billion in 2024 and operates four regional divisions across Japan, Europe, Oceania, and Southeast Asia. Its international portfolio includes Peroni, Pilsner Urquell, Grolsch, and Fullers.
Recovery and Security Improvements
Recovery efforts remain ongoing, with product shipments resuming gradually as IT infrastructure is restored. Asahi Group Holdings CEO Atsushi Katsuki outlined several security enhancements the company is implementing:
- Rebuilding all communication routes
- Tightening network access controls
- Imposing strict restrictions on external internet connections
- Upgrading threat detection systems
- Conducting comprehensive security audits
- Revising backup and business continuity plans
"We are doing everything possible for the swift and complete restoration of our systems, while simultaneously implementing measures to prevent similar incidents in the future and strengthening information security across the entire group of companies," Katsuki said.
The attack on Asahi represents one of the larger confirmed data breaches in Japan's manufacturing sector this year, demonstrating that ransomware groups continue targeting operational technology environments where production disruption creates pressure to pay ransoms.
