Japanese retail company Muji, known globally for its minimalist household goods, clothing, and furniture, was forced to take its online store and related services in Japan offline due to a ransomware attack targeting its logistics partner, Askul. On Sunday evening, Japan time, Muji confirmed that the issue had crippled all retail services, preventing customers from browsing or making purchases online, viewing order histories through the Muji app, and displaying some web content. Although Muji didn’t provide a firm timeline for a full restoration, an update on Monday afternoon indicated that only making purchases from the online store and applying for a monthly flat-rate service were still unavailable. Muji, which operates over a thousand stores worldwide and generates an annual revenue of roughly $4 billion, also stated it was actively investigating the extent of the shipment impact to determine which orders, placed before the attack, needed email notification.
The source of the operational disruption is Askul, a major business-to-business and business-to-consumer office supplies and logistics e-commerce company owned by Yahoo! Japan Corporation. Askul issued a statement informing the public that it was hit by ransomware, leading to a suspension of its order and shipping operations. The company’s announcement specified, “Currently, a system failure has occurred on the Askul website due to a ransomware infection, and we have suspended orders and shipping operations.” Furthermore, Askul’s customer service desk is currently unreachable by phone or through the website, and critical services such as product return applications, receipt mailing, catalog shipping, and collection services have all been suspended.
Askul also stated that it is investigating the full scope of the impact, including the potential leakage of personal information and customer data, and promised to notify the public once the facts are established. Given that Askul is responsible only for Muji’s sales operations within Japan, the disruption is localized to that region. Muji’s stores and online operations in other countries, including China, Europe, and North America, remain available and are functioning normally.
As of the time of reporting, no ransomware gangs have claimed responsibility for the attack on Askul on their public extortion portals. This recent cyber incident marks another high-profile attack in Japan’s corporate sector. It follows closely after a separate ransomware attack that targeted Asahi, one of Japan’s largest beer producers.
The attack on Asahi was claimed by the Qilin ransomware gang and forced the company to suspend some production operations and delay scheduled product launches. Asahi later confirmed in a statement that the hackers successfully exfiltrated data from its systems. These back-to-back incidents underscore the increasing cyber risks facing major companies in Japan, extending from manufacturing and food production to logistics and global retail.
Reference:
