The Japanese beer corporation Asahi disclosed on a recent Thursday that a disruptive ransomware attack in September resulted in the exfiltration of the personal information of about two million individuals. The incident was revealed on the same day it occurred, September 29th, and led to the continued partial disruption of the company’s operations in Japan as systems were gradually brought back online. The Qilin ransomware group later claimed responsibility in early October by adding Asahi to its dark web leak site and alleging the theft of 27 gigabytes of data from the company’s systems, confirming earlier announcements from Asahi that data had been compromised.
The personal data stolen affects several groups, with the largest being 1,525,000 individuals who had contacted Asahi’s customer services, whose names, addresses, phone numbers, and email addresses were compromised. Additionally, the attackers stole names, addresses, and phone numbers for 114,000 people who had received congratulatory or condolence messages from Asahi. For employees, the breach impacted 107,000 individuals, compromising their names, addresses, phone numbers, email addresses, dates of birth, and gender information. The data of 168,000 family members of current and former employees was also stolen, including names, dates of birth, and gender. The company confirmed, however, that the compromised information varied by individual and that no credit card data was exfiltrated, further noting that no instances of the data being published have been confirmed as of a recent Tuesday.
Asahi detailed that the threat actors initiated the breach by hacking network equipment, which they then used to compromise the company’s data center network. This action allowed the attackers to simultaneously deploy ransomware, encrypting data on numerous active servers and various PC devices connected to the network. The company has since been working to contain the ransomware and has committed to restoring systems and devices only in phases after they are confirmed to be secured and clean of malware.
Group president and CEO Atsushi Katsuki stated that Asahi is making every effort to achieve a full system restoration as quickly as possible while implementing measures to prevent recurrence and strengthening information security across the entire organization. Katsuki acknowledged the continued inconvenience but noted that product shipments are resuming in stages as the system recovery progresses. The company’s focus remains on a careful, phased approach to ensure long-term security.
An industry expert noted that the Qilin group is known for leaking data when a ransom is not paid and advised Asahi’s customers to remain vigilant for further updates. The expert emphasized that recovering manufacturing networks, such as Asahi’s, is a time-consuming process due to their complex structure, which may include legacy systems, shadow IT, and connections to supply chains. Because of the complexity and the need to ensure all traces of the compromise are removed, the full return to normalized operations is anticipated to take several months, potentially until February.