Japanese beverage company said a major Asahi data leak in September exposed the personal information of more than 1.5 million customers. The firm released new findings this week as it continues to rebuild systems that were crippled during a large ransomware incident. The attack disrupted factories, halted digital operations, and forced teams to revert to paper-based processes for several weeks.
Investigators traced the disruption to 29 September, when one of Asahi’s data centers showed signs of unusual activity. The system was isolated early, but the attacker had already gained access to the network. The intruder deployed ransomware that encrypted company data and blocked normal functions. This led to widespread operational delays across Japan, including shortages of beer and soft drinks in stores.
Scope of the Data Exposure
Asahi data leak likely exposed personal information tied to customer service interactions. According to the company, the compromised data includes names, gender details, addresses, and contact information of about 1.52 million customers. This information came from people who had reached out to the firm through its support channels.
Asahi data leak also affected data linked to Asahi’s workforce. The company identified potential exposure of details belonging to 107,000 current and former employees and 168,000 family members. The information included their names and basic personal identifiers stored on internal systems. In addition, the names and contact information of 114,000 external partners and contacts were listed as potentially leaked.
The company stated that no credit card information was included in the Asahi data leak. Asahi also noted that there is currently no confirmed evidence that the exposed information has been released or published online. The Asahi data leak impact appears limited to systems managed within Japan. The company’s operations in Europe, including brands like Peroni and Fuller’s Brewery, are not affected.
Operational Fallout Across Japan
The Asahi data leak ransomware attack created major operational challenges. With digital systems locked, factory teams relied on manual processes to keep production moving. This shift slowed output and led to months of reduced supply. Retailers across Japan reported shortages of popular Asahi products, including its flagship beer lines and carbonated soft drinks.
Asahi holds about 40% of Japan’s beer market, so the Asahi data leak disruption had a visible impact on store shelves. The company spent nearly two months containing the incident and restoring essential systems. Engineers are now rebuilding parts of the network and adding new security layers to prevent similar breaches.
Atsushi Katsuki, the company’s president and chief executive, said teams are working to bring operations back to normal. Shipments are gradually resuming across the country as systems stabilize and production recovers. Katsuki also noted that the company is focusing on long-term improvements to strengthen cybersecurity and reduce future risk.
Investigation and Next Steps
Asahi has not named the attacker, but ransomware group Qilin claimed responsibility shortly after the incident. The group has been linked to other high-profile attacks on global companies. Asahi said the investigation remains active and the full-year financial report will be delayed while teams continue assessing the impact and handling recovery work.
The company plans to notify affected customers, employees, and external contacts as the review continues. It also said it will share updates on the restoration of systems and any new findings from the investigation.
Asahi is one of several major companies worldwide that have faced attacks on their networks this year. This incident highlights how complex supply chains, large data systems, and digital production tools can be disrupted by organized ransomware groups. It also shows how a breach at a single data center can create long-term effects on customer privacy, operational stability, and product availability.
Asahi said it will keep strengthening cybersecurity measures as it restores normal operations and works to reduce the risk of future incidents.
Also Read: London Councils Face Major Cyber Incident With Data at Possible Risk
