Japanese Beer Giant Asahi Says Data Breach Hit 1.5 Million People

Asahi Group Holdings, Japan’s largest beer producer, has finished the investigation into the September cyberattack and found that the incident has impacted up to 1.9 million individuals.

The type of data compromised in the attack includes full names, genders, physical addresses, phone numbers, and email addresses, and could be used in phishing attempts.

The incident was first disclosed on September 29, when the company was forced to suspend production and shipping operations due to a cyberattack.

At the time, Asahi stated that it saw no evidence of customer data having been accessed by unauthorized actors. A few days later, though, the company confirmed that it suffered a ransomware attack and that data had been stolen.

The disclosure was followed by Qilin ransomware claiming the intrusion and alleging to have 27GB of data from Asahi. The hackers published samples of exfiltrated files on their data leak site to prove their claims.

A press release from the company Asahi states that the following categories of individuals have been impacted:

Asahi notes that the types of data exposed vary per category. For customers, it may include name, gender, physical and email address, and phone number; but for employees, it may also include dates of birth and gender.

The company underlines that no payment card information was exposed in the incident. A dedicated contact line has been established for affected parties to receive answers about the exposed personal data.

According to Asahi’s CEO, Atsushi Katsuki, the company is still in the process of restoring impacted systems, two full months after the initial compromise.

“We are making every effort to achieve full system restoration as quickly as possible, while implementing measures to prevent recurrence and strengthening information security across the Group,” stated Katsuki

Source: BleepingComputer