Japanese beverage giant Asahi Group Holdings has confirmed new findings in its ongoing investigation into the Asahi Group cyberattack, revealing that personal information linked to around 2 million customers, employees, and external contacts may have been exposed. The update follows a detailed forensic review of the system disruption that struck its domestic servers on September 29. President and Group CEO Atsushi Katsuki addressed the media in Tokyo, offering an apology while outlining the company’s path toward full recovery. Katsuki said Asahi expects to resume automated orders and shipments by December, with full logistics normalization anticipated by February.

Asahi Group Cyberattack Investigation Reveals Scale of Data Exposure

According to the company, the Asahi Group cyberattack involved ransomware, which encrypted files across multiple servers and some company-issued PCs. Asahi confirmed that while systems in Japan were affected, no impact has been identified on overseas operations. A hacker group known as Qilin has claimed responsibility on the dark web, stating it had stolen internal documents and employee data. Asahi, however, reported no evidence that personal data has been published online. Katsuki also clarified that no ransom payment was made. The attack previously forced Asahi to delay its January–September financial results, initially scheduled for November 12.

Timeline and Technical Findings

Asahi’s latest report outlines the internal timeline and technical assessment:

• At 7:00 a.m. JST on September 29, systems began malfunctioning, and encrypted files were soon discovered.
• By 11:00 a.m. JST, the company disconnected its network and isolated the data center to contain the attack.
• Investigators later revealed the attacker gained entry via network equipment at a Group site, deploying ransomware simultaneously across multiple servers.
• Forensic reviews confirmed potential exposure of data stored on both servers and employee PCs.
• The impact remains limited to Japan-managed systems.

As part of regulatory requirements, Asahi submitted its final report to the Personal Information Protection Commission on November 26.

Details of Potentially Exposed Personal Information

As of November 27, the company has identified the following potentially affected groups and data types:

• Customer Service Center contacts from Asahi Breweries, Asahi Soft Drinks, and Asahi Group Foods Name, gender, address, phone number, email address — 1,525,000 individuals
• External contacts receiving congratulatory or condolence telegrams Name, address, phone number — 114,000 individuals
• Employees and retirees Name, date of birth, gender, address, phone number, email address, other details — 107,000 individuals
• Family members of employees/retirees Name, date of birth, gender — 168,000 individuals

Asahi confirmed that no credit card information was included in the exposed data sets. The company has set up a dedicated helpline (0120-235-923) for concerned individuals.

System Restoration and Strengthened Cybersecurity Measures

Following the Asahi Group cyberattack, the company spent two months containing the incident, restoring essential systems, and reinforcing security defences. These measures include:

• A full forensic investigation by external cybersecurity experts
• Integrity verification of affected systems and devices
• Gradual restoration of systems confirmed to be secure

Preventive actions now underway include:

• Redesigned network communication routes and stricter connection controls
• Limiting internet-facing connections to secure zones
• Upgraded security monitoring for improved threat detection
• Revised backup strategies and refreshed business continuity plans
• Enhanced security governance through employee training and external audits

In his public statement, Katsuki said, “We apologize for any difficulties caused to our stakeholders by the recent system disruption. We are making every effort to restore systems quickly while strengthening information security across the Group.” He added that product shipments are being restored in phases as recovery progresses. With investigation findings now submitted to regulators and system restoration underway, the company aims to prevent any recurrence while reassuring customers and partners affected by the Asahi Group cyberattack.