Asahi

Summary

Japanese brewing giant Asahi suffered a Qilin ransomware attack detected on 29 September 2025 that forced suspension of operations at 30 factories and exposed personal data of approximately 1.9 million individuals globally. The attackers exfiltrated 27 gigabytes of data comprising 9,323 files, including Australian employee data from Melbourne-based Asahi Lifestyle Beverages. The Qilin group demanded $10 million USD for the stolen data.

What Happened

On 29 September 2025, Asahi Group Holdings detected a cyber attack by an affiliate of the Qilin ransomware-as-a-service operation. The attack forced the company to suspend operations at 30 factories in Japan. The attackers exfiltrated 27 gigabytes of data totalling 9,323 files and published 29 sample documents as proof. The stolen data included financial statements, company invoices, employee photo IDs, and details of an Australian employee from Melbourne-based Asahi Lifestyle Beverages who was seconded to another Asahi office overseas. According to Resecurity's HUNTER investigators, Qilin operators attempted to sell the stolen data for $10 million USD on underground markets.

Impact on Individuals

The breach exposed personal data of approximately 1.9 million individuals globally, significantly larger than initially disclosed. Australian employees of Asahi Lifestyle Beverages were caught up in what the hacking group described as "a global information leak." The compromised data included employee photo IDs and personal details. The attack's operational impact forced production suspension across 30 factories.

Organisational Response

Asahi Group Holdings launched an investigation upon detecting the attack on 29 September 2025. The company later concluded that approximately 1.9 million individuals were potentially affected. Asahi suspended production operations at 30 factories as a precautionary measure whilst addressing the security incident and investigating the full scope of the breach.