Last Thursday, Asahi confirmed that its systems were hit by a ransomware attack earlier this year, potentially exposing personal details of about 1.5 million customers. The company further stated that the same breach may have also affected thousands of employees, along with their relatives and several external associates.

The company reported that the compromised details consist of names, gender, addresses and telephone numbers, while emphasising that credit-card data was not involved. Asahi also noted that it has detected no signs of the information being posted online and believes the impact is limited to its Japan-based systems.

This disclosure follows a two-month probe into the attack that occurred in late September, triggering production stoppages, postponing new product releases and interrupting order management and shipping across the country. The resulting logistical issues caused noticeable shortages of Asahi’s beverages. The brewer commands about 40% of Japan’s beer sector, including the popular Super Dry brand.

According to Asahi, the intruders gained access to its data-center network through equipment located at one of its sites in Japan, allowing them to install ransomware that locked several operational servers and PCs. The breach also extended to some company-loaned laptops used by employees.

The company stated that it has dedicated nearly two months to controlling the impact of the attack and is in the process of gradually restoring shipments. While it aims to fully stabilize its logistics operations by February, some items are expected to remain delayed. Asahi has additionally delayed its annual financial results by 50 days due to accounting system issues caused by the breach.

“We will do our utmost to fully restore our systems as quickly as possible,” President Atsushi Katsugi said, adding that the company is implementing new security measures to prevent a recurrence.

The company did not disclose who carried out the breach, though the Russian-speaking Qilin ransomware group asserted in October that it was responsible and had taken financial data, staff records and internal projections. Asahi’s CEO also stated on Thursday that the firm has not paid any ransom.

Active since 2022, the Qilin ransomware gang runs a ransomware-as-a-service operation and has a history of targeting healthcare institutions, public sector agencies and commercial enterprises.