Asahi ransomware attack: Personal data potentially stolen

Personal data may have been stolen in the ransomware attack that forced Asahi to halt beer production, the company has said.

Japan’s biggest brewer was forced to halt production at the majority of its 30 factories in the country, after a cyber-attack late last month disrupted everything from beer shipments to its accounting system.

Russia-based ransomware group Qilin claimed responsibility for the attack, which has previously hacked other big organisations, including the NHS.

All of Asahi’s facilities have now partially reopened and restarted production but computer systems remain down, meaning orders are being processed using pen, paper and fax machines.

In a statement on Tuesday, Asahi said it was investigating whether personal information was stolen in the attack.

It said their Emergency Response Headquarters were working with cybersecurity experts to “restore the system as quickly as possible”, and will contact those affected by the hack.

“As we continue investigating the extent and details of the impact, focusing on the systems targeted in the recent attack, we have identified the possibility that personal information may have been subject to unauthorised data transfer,” it said.

“Should the investigation confirm this, we will promptly notify those concerned and take appropriate measures in accordance with applicable laws on the protection of personal information.”

It remains unclear about the type of personal information that was stolen, and Asahi declined to provide more detail as the matter is currently under investigation.

Asahi Group also owns Fullers in the UK and global brands including Peroni, Grolsch, and Pilsner Urquell. But Asahi said that only its systems and operations in Japan – which account for around half of its sales – have been affected in the attack.

Asahi apologised for “any difficulties” caused by the incident.

The company said it will delay the disclosure of its third-quarter financial results, citing the disruption caused by the attack.

It said the disclosure would be more than 45 days after the end of the October to December quarter, but when exactly would depend on the progress of restoring its system.

The cyber-attack is the latest to have hit operations at major firms.

Jaguar Land Rover, Marks and Spencer, and Co-op are among the major British companies that have been affected this year.

The UK’s National Cyber Security Centre has reported a record rise in “nationally significant” cyber-attacks in the last year, with an average of four happening every week.

They urged businesses to take “concrete action” to protect themselves from attacks.