Asahi Group Holdings has confirmed almost two million people could have had personal data leaked in connection with the cyberattack in Japan two months ago.
In a statement today (27 November), the Super Dry brewer said it found personal information belonging to a mixture of customers and employees “has been or may have been exposed”.
Go deeper with GlobalData
Discover B2B Marketing That Performs
Combine business intelligence and editorial excellence to reach engaged professionals across 36 leading media platforms.
Around 1.5 million of the potentially affected group includes customers who contacted customer service centres at the company’s Asahi Breweries, Asahi Soft Drinks and Asahi Group Foods unit, all of which are based in Japan and supply the domestic market.
Around a further 275,000 people potentially impacted are current and past employees and their family members, along with 114,000 so-called “external contacts”.
In September, Asahi reported a “systems failure” linked to the cyber breach, affecting production and distribution across the business. The company’s factories resumed operations a week later.
Asahi’s soft-drinks sales slumped by around 40% last month following the cyberattack.
US Tariffs are shifting - will you react or anticipate?
Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.
By GlobalDataThe Japanese food and drinks giant had said in October that personal data may have been compromised following the ransomware attack.
The company underlined today that the impact of the attack on our systems is “limited to those managed in Japan”.
Asahi confirmed to Just Food that, so far, the only confirmed data leak was of personal information belonging to 18 Asahi employees. That data had been stored on PCs provided by the company.
Atsushi Katsuki, the president and CEO of Asahi Group Holdings, said in the statement: “I would like to sincerely apologise for any difficulties caused to our stakeholders by the recent system disruption.
“We are making every effort to achieve full system restoration as quickly as possible, while implementing measures to prevent recurrence and strengthening information security across the group.
“Regarding product supply, shipments are resuming in stages as system recovery progresses. We apologise for the continued inconvenience and appreciate your understanding.”
In its statement, Asahi said it was going ahead with a “phased restoration of systems and devices confirmed to be secure”.
It added it “will continue to monitor, make improvements, and implement enhanced security measures to prevent recurrence and ensure safe operations”.
Asahi also outlined several “preventative measures” it was implementing, including a changes to its security monitoring and redesigning communication routes and network controls. It also said it would rework back-up strategies and business continuity plans “to ensure rapid recovery in the event of an emergency”.
In a press conference today, the company also confirmed it would resume “system-based order processing” across its three affected businesses from early next month.
The group added that delivery lead timing will be “longer than usual” but it aims to have logistics “normalised” by February.
Asahi had said earlier this week that it was aiming to restore its logistics systems in Japan by February.
As a result of the cyberattack, the company had delayed the release of its third-quarter figures for the 2025 financial year. The results, for revenue only, were published today for its Europe and Asia-Pacific markets.
Asahi said it was unable to share “accurate revenue”, nor details on core operating profit for its Japan and East Asia business, as a result of the cyberattack.
As a result of the ransomware incident, Asahi has also decided to postpone the release of its full-year results for 2025.
“This decision takes into account various factors, including the current status of system restoration and the time required for financial closing and audit procedures by auditors once recovery is achieved,” the group said.
It did not say when it expected to publish the annual figures. “The timing will depend on the progress of the overall system restoration and the financial closing procedures.”
