Japan’s Asahi Group said it is working to restore its ordering and logistics systems in Japan by February after a late September ransomware incident disrupted operations and forced manual processing across parts of the business.

The brewer disclosed that personal details of more than 1.52 million customers who had contacted its service centres may have been exposed, alongside information relating to about 107,000 current and former employees, 168,000 family members, and 114,000 external contacts. Asahi told Reuters that “the personal details of 1.52 million customers may have been leaked,” adding that data on “114,000 contacts and 275,000 current and former employees and their families may also have been exposed.” The company said credit card information was not affected.

Asahi traced the disruption to a data centre on 29 September and said investigators found data had been encrypted and access blocked. The company confirmed that ransomware was deployed, with subsequent outages hitting order processing, shipping and call centres. According to Invezz, only 18 items of employee-related personal information stored on company laptops have been confirmed as exposed to date, but Asahi is treating other records as potentially compromised while the investigation continues.

At a press briefing, president and group chief executive officer Atsushi Katsuki said the attack was “sophisticated and cunning,” noting: “We have not been in touch with the attacker.” He added: “Even if we had a ransom demand, we would not have paid it.” Asahi reiterated that its Europe-based subsidiaries, including Peroni and Fuller’s Brewery, were unaffected.

In a statement reported by the BBC, the company said: “We are making every effort to achieve full system restoration as quickly as possible, while implementing measures to prevent recurrence and strengthening information security across the group.” The brewer has begun resuming shipments in stages as recovery progresses, but warned not all products will be available to ship by February.

The disruption led to drink shortages in shops and hospitality venues across Japan, with October sales at some domestic-facing units reported down between 10 per cent and 40 per cent compared with the same month last year, according to Reuters. Asahi delayed its third-quarter and full-year earnings releases to focus on recovery efforts, extending its reporting timetable beyond the customary period.

Ransomware group Qilin claimed responsibility for the attack on 9 October, though Asahi has not confirmed the perpetrator. Katsuki said: “Why our firm? I have no idea. We are angry.”

---