Cyberattack forces Japan's Asahi brewery Asahi to suspend operations

Asahi Group Holdings, Ltd., Japan's largest brewery is reporting a cyberattack that forced the complete suspension of ordering, shipping, and customer service operations in its domestic market. 

The incident began on the morning of September 29, 2025, at approximately 7:00 a.m. local time, causing a widespread system failure that disrupted the company's core business functions. Asahi suspended all order and shipment operations at its group companies throughout Japan. The company also took its call centers offline, rendering customer service desks unavailable to the public. 

Asahi prioritized containment over maintaining business continuity, a strategy often employed when organizations suspect ransomware or data theft attempts.

In an official statement distributed on September 29, 2025, Asahi acknowledged the cyberattack. The company claims that at the time of the announcement, there had been no confirmed leakage of personal information or customer data to external parties. The investigation into the incident is ongoing and Asahi cannot yet rule out the possibility that data may have been compromised or stolen.

The incident has affected the company's ability to accept new orders and fulfill existing shipments of beer, soft drinks, and food products throughout Japan. It also affects their extensive network of retailers, distributors, and hospitality businesses that depend on consistent operation of Asahi.

The nature of the cyberattack has not been disclosed by Asahi. No ransomware gangs have publicly claimed responsibility for the attack on their leak sites or through other channels typically used to announce successful breaches and extortion attempts

The cyberattack on Asahi is confined to its Japanese operations. The company explicitly stated that the system failure is limited to operations within Japan. European operations, including production and distribution facilities in the United Kingdom and other European countries, are not affected and continue to operate normally. Similarly, operations in Oceania and Southeast Asia have not reported any disruptions.

Update - as of 3rd of October 2025, Asahi Group Holdings reports its servers were targeted by a ransomware attack. The investigation confirmed "traces suggesting a potential unauthorized transfer of data" and is working to determine the scope of the breach.

Asahi said it was processing orders by hand in an effort to avoid potential drinks shortages after the attack crippled its online systems.

As of 7th of October 2025, The Qilin ransomware group claimed responsibility for the attack on Asahi Group. Hackers claim they have stolen over 9,300 internal files (approximately 27GB of data). Qilin posted 29 images to its dark web site of what the group claims to be internal Asahi Group documents.

As of 14th of October 2025, Asahi reported that they have identified "the possibility that personal information may have been subject to unauthorised data transfer". If the investigation confirm breach and exposure of personal information, Asahi commits to notifying all affected individuals and taking measures in accordance with applicable laws.

As of 27th of November 2025, Asahi, reports that the incident potentially exposed personal information of approximately 1.52 million customers, plus data from 114,000 external contacts, 107,000 employees, and 168,000 family members.

As of 19th of February 2026, Asahi, reports that the incident exposed 115,513 sets of personal data. Of the total, 110,396 sets included the names and phone numbers of client companies' executives and employees, and 5,117 included the names and addresses of Asahi Group workers, including some no longer with the firm.