Asahi Finally Opens Up about Extent of September’s Cyberattack; 1.91 Mil. People’s Data May Have Been Leaked

By Tomoharu Mizuno and Yukiho Takaichi / Yomiuri Shimbun Staff Writers

21:00 JST, November 28, 2025

The extent and severity of the damage caused by the cyberattack on Asahi Group Holdings, Ltd. in late September is finally becoming clear.

Asahi has announced that the personal information of about 1.91 million people, including customers and employees, might have been leaked as a result of the cyberattack. The major food and beverage company added that it will resume receiving orders and shipping products through its computer systems from December onward, with these operations expected to be fully normalized in February.

At the company’s first press conference since the attack, Asahi Group Holdings President Atsushi Katsuki said Thursday that the company’s computer systems had been “vulnerable,” and he acknowledged that its countermeasures had been insufficient. However, Katsuki also revealed that the “sophisticated and clever cyberattack” had been “beyond anything the company had expected.” Katsuki explained that Asahi’s systems had been redesigned since the attack.

According to a statement issued by Asahi, external attackers gained access to the data center network via the group’s internal network equipment around Sept. 19. The attackers later stole passwords and took over the system’s administrator privileges. The attackers are believed to have infiltrated multiple servers mainly outside of business hours, and repeatedly snooped around the network.

On Sept. 29, a ransomware attack disrupted the company’s systems. Asahi confirmed that data on some computers and servers connected to the network had been encrypted and rendered unusable.

Asahi’s internal investigation revealed that personal information stored on some computers provided to employees and on servers in the data center could have been exposed. The company said this information included the name, physical address, phone number and other details of customers, employees and employee family members who had contacted the customer service centers of some Asahi group companies.

VPN use halted

In October, Qilin — a hacking group believed to be based in Russia — posted an online message claiming responsibility for the cyberattack. Katsuki said the company had not received any demands for a ransom.

“We haven’t had contact with the attackers,” Katsuki said at the press conference. “We have a data backup, so even if they demanded a ransom, we felt we shouldn’t pay it.”

Asahi did not reveal in detail the route through which the hackers initially gained access, but the company has halted the use of virtual private networks, which establish a digital connection between a remote server and an organization’s internal network. A VPN encrypts communications and boosts the security of such data. However, ransomware can exploit vulnerabilities created when software has not been updated and in other situations, and has reportedly been able to penetrate computer systems in some cases.

“So many attacks exploit vulnerabilities in VPNs, so it’s possible that any company could fall victim to them,” said Naoki Bando, a fellow at the Software Association of Japan, an organization that has helped companies and hospitals recover from ransomware attacks.

Bando suggested some steps that could help repel such attacks. “It’s important to ensure your VPN devices and software are right up-to-date, and to set long, difficult-to-guess passwords,” Bando said.

Results announcement delayed

After the cyberattack disrupted its systems, Asahi had been receiving orders and arranging shipments manually, such as via telephone or fax. The computer system for receiving orders and other operations remains offline.

October sales at Asahi Breweries, Ltd., which resumed shipments of its flagship Asahi Super Dry beer and other products, were more than 90% of those recorded in the same month last year. By contrast, sales at Asahi Soft Drinks Co., which handles a wide range of products, plunged to about 60% from the level logged in the same month last year, as the company struggled with significant shipment delays.

Asahi announced at the press conference that it had decided to postpone the announcement of its financial results for the fiscal year ending on Dec. 31, 2025. The impact of the systems disruption on Asahi’s business performance in the months ahead will be closely watched.

Katsuki admitted that recovering from the cyberattack was taking a long time. “The prevention of further harm was the top priority as we carefully restored our systems,” Katsuki explained.

When asked about the top management’s future following this incident, Katsuki demurred. “We will exercise better leadership and get through this difficult time,” he said.

The company also presented a plan to prevent such a breach from happening again by beefing up its data backup systems and reviewing its business continuity plan.