Personal data may have been stolen in the ransomware attack that forced Asahi to halt beer production, the company has confirmed. Japan's biggest brewer paused operations at most of its 30 factories nationwide after a significant cyber-attack disrupted everything, including beer shipments and its accounting system.
Currently, all of Asahi's facilities have partially reopened and production is resuming, but the disruption left computer systems incapacitated, necessitating the use of pen, paper, and fax machines for order processing.
In a statement released on Tuesday, Asahi announced that it is investigating the potential theft of personal information from the cyber breach. The company's Emergency Response Headquarters is collaborating with cybersecurity specialists to regain system integrity as quickly as possible, and it will inform those affected by the hack.
Asahi stated, As we continue investigating the extent and details of the impact, focusing on the systems targeted in the recent attack, we have identified the possibility that personal information may have been subject to unauthorized data transfer. Furthermore, they pledged to notify anyone concerned promptly and will take necessary actions aligned with the law on personal data protection.
Details regarding the specific types of personal information that may have been compromised remain unclear, as Asahi withheld additional specifics during the ongoing investigation.
The incident stems from an attack by the Russia-based ransomware group Qilin, known for previously targeting major organizations, including the NHS. This cyber-attack at Asahi is part of a larger trend where prominent companies such as Jaguar Land Rover, Marks and Spencer, and Co-op have also experienced breaches this year.
The UK's National Cyber Security Centre reported a record increase in nationally significant cyber-attacks over the past year, averaging four per week, and urged businesses to implement significant protective measures against such attacks.