Japanese beermaker Asahi is considering the creation of a dedicated cybersecurity unit after a ransomware attack in late September disrupted core systems, slowed order processing and delayed financial reporting into the new year.

The incident, detected around 7:00 a.m. Japan Standard Time on 29 September, led to files being encrypted across multiple active servers and some employee PCs. Asahi said it disconnected its network and isolated its data centre by late morning to contain the breach. The company stated the attacker gained unauthorised access through network equipment at a Group facility, with impact confined to systems managed in Japan.

As part of recovery efforts, Asahi has scrapped virtual private networks and is adopting a stricter zero‑trust approach that assumes no user or device is automatically safe.

“Information security is a management issue that should be given the highest priority,” Atsushi Katsuki, Asahi’s chief executive officer told Bloomberg. “We thought we had taken sufficient measures, which were easily broken. It made me realise there’s no limit to the precautions that can be taken.” Katsuki added he expects most systems to be restored by February, with shelf space recovery and competitive positioning returning from March.

Operational consequences were immediate. The attack froze core business systems in Japan, forcing orders and shipments offline and delaying deliveries of year‑end gift sets. November sales of beer and other alcoholic beverages fell by more than 20 per cent compared with the same month a year earlier.

Prior to the breach, Asahi had forecast operating profit for the year ending December to decline 5.2 per cent to ¥255 billion on sales of ¥2.95 trillion. The company now expects annual earnings disclosure to be more than 50 days late; partial third‑quarter figures were released in November.

Asahi has been working with external experts on a forensic investigation and disclosed on 27 November that some data from company‑issued PCs had been exposed, with personal information on servers potentially affected.

As of that date, there was no confirmation that server‑based personal data had been published online. Categories of personal information that have been or may have been exposed include data related to approximately 1.525 million customer service contacts, 114,000 external telegram recipients, 107,000 employees and retirees, and 168,000 family members of employees and retirees. Asahi confirmed that no credit card information was included.

Preventive steps in system restoration include redesigned network controls, stricter connection restrictions, enhanced threat detection, updated backup strategies, revised business continuity plans, and expanded employee training and external audits.

---