Japanese beer giant Asahi says data breach hit 1.5 million people

Japan’s largest beer producer, Asahi Group Holdings, has completed its investigation into the September cyberattack and found that the incident affected 1.9 million people.

The type of data compromised in the attack includes full name, gender, physical address, phone numbers and email addresses, and could be used in phishing attempts.

The incident was first disclosed on September 29, when the company was forced to suspend production and shipping operations due to a cyberattack.

At the time, Asahi said it found no evidence of access to customer data by unauthorized actors. However, a few days later the company confirmed that it had been hit by a ransomware attack and data had been stolen.

Following this disclosure, Quillin ransomware claimed intrusion and alleged possession of 27 GB of data from Asahi. The hackers published samples of the exfiltrated files on their data leak site to prove their claims.

A Press release The company Asahi says the following categories of individuals have been affected:

• 1,525,000 customers who contacted Asahi’s customer service centers (breweries, beverages, foods).
• 114,000 external contacts who received congratulatory or condolence telegrams from Asahi.
• 107,000 current and retired employees and 168,000 family members of those employees.

Asahi says the types of data exposed vary by category. For customers, this may include name, gender, physical and email address, and phone number; But for employees, it can also include date of birth and gender.

The company underlines that no payment card information was exposed in this incident. A dedicated contact line has been set up for affected parties to receive answers regarding exposed personal data.

According to Asahi’s CEO, Atsushi Katsuki, the company is still in the process of restoring the affected systems, a full two months after the initial settlement.

“We are making every effort to achieve full system restoration as soon as possible, while implementing measures to prevent recurrence and strengthening information security across the group,” Katsuki said.

“With respect to product supply, shipments are resuming in phases as system recovery progresses.”

Preventive measures implemented include redesigned communication routes, tighter network controls, restrictions on external Internet connections, upgrades to threat detection systems, security audits, and redesigned backup and business-continuity plans.