(1) News Related to Events and Issues
Japanese beverage company Asahi revealed that a massive cyber-attack in September may have exposed the personal information of more than 1.5 million customers. The ransomware attack disrupted operations across its factories in Japan, forcing employees to process orders manually. Personal details of individuals who contacted Asahi’s customer service centres were likely affected, and the company plans to notify those impacted. Asahi also delayed the release of its full-year financial results to focus on addressing the fallout from the incident. The attack has caused shortages of beer and soft drinks in shops across Japan, as Asahi accounts for around 40% of the country’s beer market.
(2) Causes of Events and Issues
The attack involved a ransomware virus that encrypted Asahi’s data and blocked access to its systems. Preliminary investigations showed the disruption began at a data centre on 29 September, during which the attacker infiltrated the network. While the company quickly isolated the affected systems, investigators found that personal information stored in the hacked servers was potentially exposed. The leaked data includes names, gender, addresses, and contact information of over 1.5 million customers, as well as data of about 107,000 employees, 168,000 family members, and 114,000 external contacts. The attack was claimed by the ransomware group Qilin, although Asahi has not confirmed the identity of the attacker or any evidence of data being released.
(3) Lessons to Be Learned from Events and Issues
The incident highlights the critical importance of robust cybersecurity measures for companies handling sensitive customer and employee data. It demonstrates that ransomware attacks can disrupt not only digital systems but also supply chains, causing real-world product shortages. Organizations must invest in preventative security protocols, rapid response mechanisms, and employee training to mitigate the impact of cyber threats. Additionally, transparency with customers and timely communication about data exposure are essential to maintain trust during such crises. The Asahi attack also underscores that global companies, even with operations overseas, are vulnerable to cyber-attacks targeting their core systems.
