'We have not confirmed any instance of this data being published on the internet,' company says
Asahi Group Holdings has revealed that the information of more than a million customers, as well as hundreds of thousands of employees and their families, was potentially exposed in a cyberattack that disrupted their systems in September.
In a statement, the Japanese beverage company said the personal information of 1,525,000 individuals who contacted the Customer Service Centres of Asahi Breweries, Asahi Soft Drinks, and Asahi Group Foods may have been exposed.
This is also the case for the personal information of 107,000 employees, including retirees, as well as 168,000 of their family members.
The information that could have been exposed includes the name, gender, address, phone number, email addresses, and dates of birth, according to the company.
"Credit card information is not included," the company stated.
Cyberattack at Asahi
The personal information was potentially leaked after data from several company-issued computers used by employees had been exposed during a cyberattack in its data cetre in September.
"There is a possibility that personal information stored on servers in the data centre may have been exposed. We have not confirmed any instance of this data being published on the internet," the company stated.
According to Asahi, the attacker gained unauthorised access to the company's data centre network through equipment located at the Group's site.
"Ransomware was deployed simultaneously, encrypting data on multiple active servers and some PC devices connected to the network," it said.
"The impact of the attack on our systems is limited to those managed in Japan."
Asahi said it took approximately two months to contain the ransomware attack, restore its systems, and enhance security to prevent recurrence.
"I would like to sincerely apologise for any difficulties caused to our stakeholders by the recent system disruption," said Asahi Group CEO and President Atsushi Katsuki in a statement.
"We are making every effort to achieve full system restoration as quickly as possible, while implementing measures to prevent recurrence and strengthening information security across the Group."
Countries in the Asia-Pacific region have been experiencing elevated cyberattack cases, according to the latest data from Kaspersky Security Network.
Experts at the organisation attributed the situation to rapid digital transformation that expanded attack surfaces with varying levels of cybersecurity maturity.
"Enterprises in APAC were heavily targeted, driven by attacks on infrastructure and operational technology, especially in countries with growing economies and new data privacy laws," they said in a report.
