Asahi Group Holdings has confirmed that the large-scale cyberattack which disrupted its operations earlier this month (inside.beer, 02.10.2025) was indeed a ransomware assault. The company said it is now investigating the possible theft of personal and financial data, as hackers from the Russia-based group Qilin claimed responsibility and published evidence of the breach online.
The incident, which forced Japan’s largest brewer to halt automated production and delivery processes at most of its 30 domestic sites, continues to cause serious operational delays. Although limited manual production and shipments have resumed, computer systems remain largely offline, and full recovery is expected to take several more weeks.
In a statement released on Tuesday, Atsushi Katsuki, president and CEO of Asahi, apologized to customers and business partners, noting that the company’s Emergency Response Headquarters was “working with external experts to restore systems as quickly as possible.” He added that Asahi had “identified the possibility that personal information may have been subject to unauthorized transfer” and pledged to notify those affected in accordance with Japan’s data protection laws.
The breach has also forced the postponement of Asahi’s third-quarter earnings report, initially scheduled for November 12. According to The Japan Times, more than 9,300 files—containing employee records and financial data—may have been stolen. The BBC reported that although all factories have now partially reopened, order processing continues via fax and handwritten documents.
Asahi, producer of the popular Asahi Super Dry and owner of international brands such as Peroni Nastro Azzurro, Pilsner Urquell, and Grolsch, stressed that only its Japanese operations—representing roughly half of total sales—were affected. Nonetheless, distribution bottlenecks have already led to shortages in Tokyo restaurants and convenience stores, some of which have temporarily replaced Asahi beers with rival brands like Sapporo and Kirin.
Security experts from Nihon Cyber Defence warned that the case illustrates the growing exposure of Japan’s manufacturing sector to ransomware attacks. In 2024, the National Police Agency registered 222 ransomware incidents—a 12% rise year-on-year—but experts believe the real figure is much higher.
Asahi has not disclosed whether a ransom has been demanded or paid, and the company has yet to provide an estimated date for full system restoration.
